{"id":"https://openalex.org/W7154454170","doi":"https://doi.org/10.3390/computation14040092","title":"Comparative Analysis of Supervised and Unsupervised Learning for Intrusion Detection in Network Logs","display_name":"Comparative Analysis of Supervised and Unsupervised Learning for Intrusion Detection in Network Logs","publication_year":2026,"publication_date":"2026-04-15","ids":{"openalex":"https://openalex.org/W7154454170","doi":"https://doi.org/10.3390/computation14040092"},"language":"en","primary_location":{"id":"doi:10.3390/computation14040092","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computation14040092","pdf_url":"https://www.mdpi.com/2079-3197/14/4/92/pdf?version=1776239500","source":{"id":"https://openalex.org/S2738402919","display_name":"Computation","issn_l":"2079-3197","issn":["2079-3197"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computation","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2079-3197/14/4/92/pdf?version=1776239500","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130312638","display_name":"Paulo Castro","orcid":null},"institutions":[{"id":"https://openalex.org/I56125125","display_name":"Polytechnic Institute of Viseu","ror":"https://ror.org/0235kxk33","country_code":"PT","type":"education","lineage":["https://openalex.org/I56125125"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Paulo Castro","raw_affiliation_strings":["Escola Superior de Tecnologia e Gest\u00e3o de Lamego, Instituto Polit\u00e9cnico de Viseu, 5100-074 Lamego, Portugal"],"raw_orcid":"https://orcid.org/0009-0007-0010-1783","affiliations":[{"raw_affiliation_string":"Escola Superior de Tecnologia e Gest\u00e3o de Lamego, Instituto Polit\u00e9cnico de Viseu, 5100-074 Lamego, Portugal","institution_ids":["https://openalex.org/I56125125"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133668371","display_name":"Fernando Santos","orcid":"https://orcid.org/0000-0003-1551-4111"},"institutions":[{"id":"https://openalex.org/I56125125","display_name":"Polytechnic Institute of Viseu","ror":"https://ror.org/0235kxk33","country_code":"PT","type":"education","lineage":["https://openalex.org/I56125125"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Fernando Santos","raw_affiliation_strings":["CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal"],"raw_orcid":"https://orcid.org/0000-0003-1551-4111","affiliations":[{"raw_affiliation_string":"CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal","institution_ids":["https://openalex.org/I56125125"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089702022","display_name":"Pedro Lopes","orcid":"https://orcid.org/0000-0002-4644-5748"},"institutions":[{"id":"https://openalex.org/I56125125","display_name":"Polytechnic Institute of Viseu","ror":"https://ror.org/0235kxk33","country_code":"PT","type":"education","lineage":["https://openalex.org/I56125125"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Pedro Lopes","raw_affiliation_strings":["CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-4644-5748","affiliations":[{"raw_affiliation_string":"CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal","institution_ids":["https://openalex.org/I56125125"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5130312638"],"corresponding_institution_ids":["https://openalex.org/I56125125"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.66399658,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"14","issue":"4","first_page":"92","last_page":"92"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8084999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8084999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.11949999630451202,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.019899999722838402,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.6033999919891357},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5663999915122986},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.508400022983551},{"id":"https://openalex.org/keywords/supervised-learning","display_name":"Supervised learning","score":0.5047000050544739},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.49799999594688416},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4756999909877777},{"id":"https://openalex.org/keywords/model-selection","display_name":"Model selection","score":0.3666999936103821},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.3612000048160553},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.3490000069141388}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8029000163078308},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7111999988555908},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6735000014305115},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.6033999919891357},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5663999915122986},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.508400022983551},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.5047000050544739},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.49799999594688416},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4756999909877777},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3707999885082245},{"id":"https://openalex.org/C93959086","wikidata":"https://www.wikidata.org/wiki/Q6888345","display_name":"Model selection","level":2,"score":0.3666999936103821},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.3612000048160553},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.3490000069141388},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.32839998602867126},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.31859999895095825},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.3183000087738037},{"id":"https://openalex.org/C2778924833","wikidata":"https://www.wikidata.org/wiki/Q7064603","display_name":"Novelty detection","level":3,"score":0.30959999561309814},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.30390000343322754},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.29829999804496765},{"id":"https://openalex.org/C58973888","wikidata":"https://www.wikidata.org/wiki/Q1041418","display_name":"Semi-supervised learning","level":2,"score":0.29739999771118164},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.2962000072002411},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.2935999929904938},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.2824999988079071},{"id":"https://openalex.org/C70153297","wikidata":"https://www.wikidata.org/wiki/Q5591907","display_name":"Gradient boosting","level":3,"score":0.2777999937534332},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.274399995803833},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.26159998774528503},{"id":"https://openalex.org/C179717631","wikidata":"https://www.wikidata.org/wiki/Q2991667","display_name":"Multilayer perceptron","level":3,"score":0.2596000134944916},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.25130000710487366}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/computation14040092","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computation14040092","pdf_url":"https://www.mdpi.com/2079-3197/14/4/92/pdf?version=1776239500","source":{"id":"https://openalex.org/S2738402919","display_name":"Computation","issn_l":"2079-3197","issn":["2079-3197"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computation","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:771c1cbaa6fc48c095aad458aed3bc5d","is_oa":true,"landing_page_url":"https://doaj.org/article/771c1cbaa6fc48c095aad458aed3bc5d","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computation, Vol 14, Iss 4, p 92 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/computation14040092","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computation14040092","pdf_url":"https://www.mdpi.com/2079-3197/14/4/92/pdf?version=1776239500","source":{"id":"https://openalex.org/S2738402919","display_name":"Computation","issn_l":"2079-3197","issn":["2079-3197"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computation","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.49830004572868347,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2788293928","display_name":"Centre for Research in Digital Services","funder_award_id":"UIDB/05583/2020","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G6956222374","display_name":null,"funder_award_id":"UIDB/05583/2020","funder_id":"https://openalex.org/F4320328362","funder_display_name":"Instituto Polit\u00e9cnico de Viseu"}],"funders":[{"id":"https://openalex.org/F4320328362","display_name":"Instituto Polit\u00e9cnico de Viseu","ror":"https://ror.org/0235kxk33"},{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7154454170.pdf","grobid_xml":"https://content.openalex.org/works/W7154454170.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W2335999708","https://openalex.org/W2789828921","https://openalex.org/W2808779485","https://openalex.org/W2981731882","https://openalex.org/W3155912831","https://openalex.org/W3170851865","https://openalex.org/W4322746233","https://openalex.org/W4392516435","https://openalex.org/W4399520632","https://openalex.org/W4399896140","https://openalex.org/W4407748690"],"related_works":[],"abstract_inverted_index":{"The":[0,46,76,90],"escalating":[1],"complexity":[2],"of":[3,10,28,31,101,106,169],"network":[4,41,44,183],"infrastructures":[5],"and":[6,16,35,51,58,67,103,117,134,173,178],"the":[7,29,87,145,148,167],"increasing":[8],"sophistication":[9],"cyber":[11],"threats":[12,116],"require":[13],"increasingly":[14],"robust":[15],"automated":[17],"Intrusion":[18],"Detection":[19],"Systems":[20],"(IDS).":[21],"This":[22],"article":[23],"presents":[24],"a":[25,95,99,104],"comparative":[26],"investigation":[27],"effectiveness":[30,168],"various":[32],"Machine":[33],"Learning":[34,37,63],"Deep":[36,62],"architectures":[38],"in":[39,43,86,190],"detecting":[40,114],"anomalies":[42],"logs.":[45],"methodology":[47],"encompassed":[48],"classic":[49],"supervised":[50,80],"ensemble":[52],"algorithms,":[53],"such":[54,159],"as":[55,160,176],"Random":[56],"Forest":[57],"XGBoost,":[59],"to":[60,154],"sequential":[61],"approaches":[64,81],"(LSTM,":[65],"GRU)":[66],"unsupervised":[68,84,123],"models":[69,124],"based":[70,139],"on":[71,141],"latent":[72],"reconstruction":[73,142],"(VAE,":[74],"DeepLog).":[75],"results":[77],"demonstrate":[78],"that":[79,129],"significantly":[82],"outperformed":[83],"methods":[85],"analyzed":[88],"context.":[89],"optimized":[91],"XGBoost":[92],"model":[93,188],"established":[94],"performance":[96],"benchmark,":[97],"achieving":[98],"Recall":[100],"0.96":[102],"Precision":[105],"0.85,":[107],"thereby":[108],"offering":[109],"an":[110],"optimal":[111],"balance":[112],"between":[113,132],"rare":[115],"minimizing":[118],"false":[119],"alarms.":[120],"In":[121,162],"contrast,":[122],"revealed":[125],"critical":[126,182],"limitations,":[127],"suggesting":[128],"statistical":[130],"mimicry":[131],"normal":[133],"anomalous":[135],"traffic":[136],"hinders":[137],"detection":[138],"solely":[140],"error.":[143],"Additionally,":[144],"study":[146],"documents":[147],"technical":[149],"interoperability":[150],"challenges":[151],"when":[152],"attempting":[153],"integrate":[155],"state-of-the-art":[156],"language":[157],"models,":[158],"BERT.":[161],"conclusion,":[163],"this":[164],"work":[165],"validates":[166],"Gradient":[170],"Boosting":[171],"algorithms":[172],"recurrent":[174],"networks":[175],"viable":[177],"scalable":[179],"solutions":[180],"for":[181,187],"security,":[184],"providing":[185],"guidelines":[186],"selection":[189],"real":[191],"monitoring":[192],"environments.":[193]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2026-04-16T00:00:00"}