Dr. Wei Li2025-10-142025-10-14https://dspace.academy.edu.ly/handle/123456789/1807A signature-based system detects attacks based on comparing network data to known attacks, which are labeled as signatures in a database. An anomaly-based system detects intrusions based on deviations from normal user activities and is able to detect novel attacks without prior knowledge (Patcha & Park, 2007). In a network-based IDS, in order to identify anomalous traffic to networks, all packets throughout the network are classified to verify if the data contains any malicious activity or not.An intrusion is outlined as any sequence of actions that compromise the confidentiality, integrity, or availability of a network or a host. Intrusion detection is a process of tracking and monitoring the passing of information and identifying malicious activities. Intrusion detection systems (IDS) are defense systems that detect anomalous activities. A network IDS has the capability to provide an overview of unusual behavior and issue alerts to inform the network administrators and terminate a suspected connection (Zhang & Lee, 2000). Intrusion detection systems function through either network-based or host-based intrusion detection techniques (Ahmed et al., 2016).Detection Systems