Comparative Analysis of Supervised and Unsupervised Learning for Intrusion Detection in Network Logs
Abstract
The growing complexity of network infrastructures and the sophistication of cyber threats require increasingly robust and automated Intrusion Detection Systems (IDS). This article presents a comparative investigation of the effectiveness of various Machine Learning and Deep Learning architectures in identifying anomalies in network logs. The methodology ranged from classic supervised and ensemble algorithms, such as Random Forest and XGBoost, to sequential Deep Learning approaches (LSTM, GRU) and unsupervised models based on latent reconstruction (VAE, DeepLog). The results demonstrate that supervised approaches significantly outperformed unsupervised methods in the analyzed context. The optimized XGBoost model established benchmark performance, achieving a Recall of 0.96 and a Precision of 0.85, offering an ideal balance between computational complexity and detection accuracy. This study provides valuable insights for the implementation of efficient, data-driven security monitoring in real-world institutional environments.