That is especially true for big data analytics, where classification is sometimes
impossible.
- Models can be prone to overfitting when the quality of the training data is not good
enough or when the hyperparameters of the model are not optimal.
Advantages of supervised learning:
- When prior knowledge and experience are important, supervised learning is the best way
to create a model based on those characteristics, which will learn from experience.
- Supervised learning helps optimise the performance of our model based on which
features of the input data are selected.
- It is helpful in various real-world computational problems that other methods cannot
handle well, due to the lack of information during their training phases.
Supervised learning is the most reliable way to create models when it is important to know
how well the algorithm performs and how accurately it works. Supervised models are the best
predictive models for many applications, but on the other hand they require a lot of
preparation and preprocessing of the training data so that their results are not biased or
overtrained.
For anomaly detection, the problem with supervised training is that assigning labels to
traffic data is very time-consuming, and even impossible when dealing with unknown or novel
attacks. However, the performance of unsupervised methods is not dependable, because there
is no way for the model to validate whether the traffic is really normal or not.
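The trade-off described above can be reproduced on a small scale. The following is an added example, not code from this thesis: the two-feature flow records are constructed (not NSL-KDD data), and a nearest-centroid classifier and a per-feature z-score detector stand in for the supervised and unsupervised models.

```python
import math
import random
import statistics

rng = random.Random(0)  # fixed seed: the constructed data is reproducible
NORMAL, KNOWN_ATTACK, NOVEL_ATTACK = (1.0, 1.0), (5.0, 1.0), (1.0, -1.5)

def flows(center, n):
    """Constructed flow records: two numeric features around a class centre."""
    return [(rng.gauss(center[0], 0.2), rng.gauss(center[1], 0.2)) for _ in range(n)]

def centroid(rows):
    return tuple(statistics.fmean(col) for col in zip(*rows))

def fit_supervised(normal, attack):
    """Nearest-centroid classifier: every training row must carry a label."""
    c_norm, c_att = centroid(normal), centroid(attack)
    return lambda x: math.dist(x, c_att) < math.dist(x, c_norm)

def fit_unsupervised(unlabelled, threshold=3.0):
    """z-score detector: silently assumes all training rows are normal."""
    stats = [(statistics.fmean(c), statistics.stdev(c)) for c in zip(*unlabelled)]
    return lambda x: any(abs(v - m) / s > threshold for v, (m, s) in zip(x, stats))

def rate(detector, rows):
    """Fraction of rows the detector flags as attack."""
    return sum(map(detector, rows)) / len(rows)

def experiment():
    train_norm, train_att = flows(NORMAL, 500), flows(KNOWN_ATTACK, 125)
    test_norm, test_known = flows(NORMAL, 200), flows(KNOWN_ATTACK, 200)
    test_novel = flows(NOVEL_ATTACK, 200)  # class never seen or labelled in training
    sup = fit_supervised(train_norm, train_att)
    clean = fit_unsupervised(train_norm)
    # Same detector, but 20% of the "normal" training traffic is really attack.
    dirty = fit_unsupervised(train_norm + train_att)
    return {
        "supervised_known": rate(sup, test_known),    # labelled attack: caught
        "supervised_novel": rate(sup, test_novel),    # novel attack: missed
        "unsup_clean_novel": rate(clean, test_novel), # novel attack: caught
        "unsup_clean_false_alarms": rate(clean, test_norm),
        "unsup_dirty_known": rate(dirty, test_known), # learned as normal: missed
    }

if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name}: {value:.3f}")
```

The last figure shows why the unsupervised result cannot be trusted without labels: attack traffic hidden in the training set widens the learned baseline until that attack no longer stands out.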
2.2. Anomaly detection with machine learning: related research
In the past few years there have been many innovations in the field of anomaly detection
using the NSL-KDD dataset. There are many unsupervised learning experiments with
autoencoder and one-class SVM combinations [2]. In [7], convolutional autoencoders are
paired with a one-class SVM layer that classifies the data after the convolutional step of the
model. In [2] we also find that one-class SVM and autoencoders have been used in
self-supervised learning methodologies. One-class SVM has also been paired with
Bidirectional LSTM methods in [8]. Neural networks have been used extensively in
anomaly-based intrusion detection, as is evident in [3], and DNNs have been tested with
selective feature extraction [9].
There have also been comparative studies such as our own in the past couple of years, namely
[10][11][12][13], and more comparisons of such research projects can be found in the review
studies [3][2]. Going beyond the NSL-KDD dataset there are many more articles, but for a
consistent view of this research topic, we stay here with those projects that use NSL-KDD as
their dataset. Section 5.2, "Evaluation and results compared to relevant research", gives
a more thorough comparison between the methods developed in this thesis and recent
state-of-the-art studies, once our own results have been obtained.