Three Detection Paradigms. One Dataset. One Result.
The article compares three network security paradigms: signature-based IDS (Suricata), telemetry and anomaly observation (Zeek), and behavioral ML-based NDR (aRGus). The results show that Suricata failed to detect the malicious flows because it depends on matching known signatures, while Zeek observed the anomalies but did not classify them as attacks. aRGus achieved 100% recall and precision with 646 alerts. The experiment highlights the strengths and limitations of each paradigm.