{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T09:11:43Z","timestamp":1776244303030,"version":"3.50.1"},"reference-count":18,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T00:00:00Z","timestamp":1776211200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Funds","award":["Ref.UIDB\/05583\/2020"],"award-info":[{"award-number":["Ref.UIDB\/05583\/2020"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computation"],"abstract":"<jats:p>The escalating complexity of network infrastructures and the increasing sophistication of cyber threats require increasingly robust and automated Intrusion Detection Systems (IDS). This article presents a comparative investigation of the effectiveness of various Machine Learning and Deep Learning architectures in detecting network anomalies in network logs. The methodology encompassed classic supervised and ensemble algorithms, such as Random Forest and XGBoost, to sequential Deep Learning approaches (LSTM, GRU) and unsupervised models based on latent reconstruction (VAE, DeepLog). The results demonstrate that supervised approaches significantly outperformed unsupervised methods in the analyzed context. The optimized XGBoost model established a performance benchmark, achieving a Recall of 0.96 and a Precision of 0.85, thereby offering an optimal balance between detecting rare threats and minimizing false alarms. In contrast, unsupervised models revealed critical limitations, suggesting that statistical mimicry between normal and anomalous traffic hinders detection based solely on reconstruction error. Additionally, the study documents the technical interoperability challenges when attempting to integrate state-of-the-art language models, such as BERT. In conclusion, this work validates the effectiveness of Gradient Boosting algorithms and recurrent networks as viable and scalable solutions for critical network security, providing guidelines for model selection in real monitoring environments.<\/jats:p>","DOI":"10.3390\/computation14040092","type":"journal-article","created":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T08:11:18Z","timestamp":1776240678000},"page":"92","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Comparative Analysis of Supervised and Unsupervised Learning for Intrusion Detection in Network Logs"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0010-1783","authenticated-orcid":false,"given":"Paulo","family":"Castro","sequence":"first","affiliation":[{"name":"Escola Superior de Tecnologia e Gest\u00e3o de Lamego, Instituto Polit\u00e9cnico de Viseu, 5100-074 Lamego, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1551-4111","authenticated-orcid":false,"given":"Fernando","family":"Santos","sequence":"additional","affiliation":[{"name":"CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4644-5748","authenticated-orcid":false,"given":"Pedro","family":"Lopes","sequence":"additional","affiliation":[{"name":"CISeD\u2014Research Centre in Digital Services, Instituto Polit\u00e9cnico de Viseu, 3504-510 Viseu, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,4,15]]},"reference":[{"key":"ref_1","first-page":"e41569","article-title":"Artificial Intelligence Models for Log Event Analysis","volume":"2025","author":"Castro","year":"2025","journal-title":"Millenium\u2014J. Educ. Technol. Health"},{"key":"ref_2","unstructured":"Pinto, J.C.O. (2009). Sistema de Detec\u00e7\u00e3o de Intrus\u00e3o em Redes Inform\u00e1ticas. [Master\u2019s Thesis, Instituto Superior de Engenharia do Porto]."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/978-3-031-28073-3_5","article-title":"A Review of Intrusion Detection Systems Using Machine Learning: Attacks, Algorithms and Challenges","volume":"652","year":"2023","journal-title":"Lect. Notes Netw. Syst."},{"key":"ref_4","first-page":"15","article-title":"Evolution and Advancements in Intrusion Detection Systems: From Traditional Methods to Deep Learning and Federated Learning Approaches","volume":"9","author":"Ranjan","year":"2024","journal-title":"Accent Trans. Inf. Secur."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Ali, A.H., Charfeddine, M., Ammar, B., Hamed, B.B., Albalwy, F., Alqarafi, A., and Hussain, A. (2024). Unveiling Machine Learning Strategies and Considerations in Intrusion Detection Systems: A Comprehensive Survey. Front. Comput. Sci., 6.","DOI":"10.3389\/fcomp.2024.1387354"},{"key":"ref_6","first-page":"100470","article-title":"Deep Learning for Anomaly Detection in Log Data: A Survey","volume":"12","author":"Landauer","year":"2023","journal-title":"Mach. Learn. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"273","DOI":"10.52783\/pmj.v35.i3s.3891","article-title":"Comparative Analysis of Machine Learning Models for Intrusion Detection Systems","volume":"35","author":"Sharma","year":"2025","journal-title":"Panam. Math. J."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"161","DOI":"10.54254\/2753-8818\/31\/20241171","article-title":"Research on Network Intrusion Detection Based on XGBoost Algorithm and Multiple Machine Learning Algorithms","volume":"31","author":"Fan","year":"2024","journal-title":"Theor. Nat. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Dhaliwal, S.S., Nahid, A., and Abbas, R. (2018). Effective Intrusion Detection System Using XGBoost. Information, 9.","DOI":"10.3390\/info9070149"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"103498","DOI":"10.1016\/j.compind.2021.103498","article-title":"A Survey on Anomaly Detection for Technical Systems Using LSTM Networks","volume":"131","author":"Lindemann","year":"2021","journal-title":"Comput. Ind."},{"key":"ref_11","unstructured":"(2025, November 10). What Is LSTM\u2014Long Short Term Memory?\u2014GeeksforGeeks. Available online: https:\/\/www.geeksforgeeks.org\/deep-learning\/deep-learning-introduction-to-long-short-term-memory\/."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"14006","DOI":"10.1051\/e3sconf\/202454014006","article-title":"A Systematic Review on Network Intrusion Detection System Based on Machine Learning and Deep Learning Approach","volume":"540","author":"Immastephy","year":"2024","journal-title":"E3S Web Conf."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kim, J., Kim, J., Thu, H.L.T., and Kim, H. (2016, January 15\u201317). Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection. Proceedings of the 2016 International Conference on Platform Technology and Service, Jeju, Republic of Korea.","DOI":"10.1109\/PlatCon.2016.7456805"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1622","DOI":"10.1109\/COMST.2021.3075439","article-title":"Federated Learning for Internet of Things: A Comprehensive Survey","volume":"23","author":"Nguyen","year":"2021","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1016\/j.inffus.2019.12.012","article-title":"Explainable Artificial Intelligence (XAI): Concepts, Taxonomies, Opportunities and Challenges toward Responsible AI","volume":"58","author":"Bennetot","year":"2020","journal-title":"Inf. Fusion"},{"key":"ref_16","first-page":"102419","article-title":"Deep Learning for Cyber Security Intrusion Detection: Approaches, Datasets, and Comparative Study","volume":"50","author":"Ferrag","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2018, January 22\u201324). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Proceedings of the 4th International Conference on Information Systems Security and Privacy ICISSP, Funchal, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_18","unstructured":"Alaref, A. (2025, October 20). Hash Encoding (Or Feature Hashing). Available online: https:\/\/www.kaggle.com\/code\/adnanalaref\/hash-encoding-or-feature-hashing."}],"container-title":["Computation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-3197\/14\/4\/92\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T08:35:17Z","timestamp":1776242117000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-3197\/14\/4\/92"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,15]]},"references-count":18,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["computation14040092"],"URL":"https:\/\/doi.org\/10.3390\/computation14040092","relation":{},"ISSN":["2079-3197"],"issn-type":[{"value":"2079-3197","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,15]]}}}