Final answer:
A Signature-based IDS matches network traffic to known patterns and signatures but cannot identify new, unknown attacks such as zero-day threats. Anomaly-based IDS and Behavior-based IDS are capable of detecting such threats by identifying unusual patterns or behaviors but may have a higher rate of false positives.
Step-by-step explanation:
The type of Intrusion Detection System (IDS) that compares patterns of traffic to predefined signatures and is unable to detect zero-day attacks is a Signature-based IDS. It relies on a database of known patterns or signatures associated with malicious activity. When network traffic matches a signature in the database, an alert is generated. However, this method's limitation is that it cannot detect attacks for which it has no signature, such as new, unknown, or 'zero-day' threats.
Anomaly-based IDS and Behavior-based IDS, on the other hand, are designed to identify unusual patterns or behaviors that may indicate a security threat, which theoretically allows them to detect zero-day attacks that deviate from normal behavior, although with a higher false positive rate. A behavior-based IDS can also be considered as a more advanced form of anomaly detection, as it focuses on the behavior of the system rather than just deviations from established baselines.