threaTrace-detector / threaTrace

MIT License

kind of supervision #13

Open dlgdwy opened 4 months ago

dlgdwy commented 4 months ago

I would like to ask what kind of supervision the ThreaTrace algorithm uses. Is it self-supervised?

robhta commented 4 months ago

I find the question interesting; I have already asked myself the same question, and my conclusion is that it depends on the perspective. The authors themselves write that the unsupervised training mode of GraphSAGE is inappropriate for the task, and therefore, supervised training is used. In the discussion, the authors call the method unsupervised but describe it as semi-supervised. Self-supervised fits as a description since the classification withholds information for learning derived from the original data.

Therefore: A supervised setup is used in the training, but it gets by with information from the raw data, hence self-supervised training. Regarding attack detection, the system manages without attack knowledge and can therefore be seen as Unsupervised Attack Detection. I disagree least with Semi-Supervised (which is mentioned in the latest version of IEEE-Xplore), as I would think it learns with a few attack examples, which it does not.

Can you follow the reasoning? Comments and corrections are welcome!