Classification of Firewall Log Data Using Multiclass Machine Learning Models

These days, we are witnessing unprecedented challenges to network security. This indeed confirms that network security has become increasingly important. Firewall logs are important sources of evidence, but they are still difficult to analyze. Artificial Intelligence (AI), Machine Learning (ML), and...

Full description

Saved in:
Bibliographic Details
Published in:Electronics (Basel) 2022-06, Vol.11 (12), p.1851
Main Authors: Aljabri, Malak, Alahmadi, Amal A., Mohammad, Rami Mustafa A., Aboulnour, Menna, Alomari, Dorieh M., Almotiri, Sultan H.
Format: Article
Language:English
Subjects:
Accuracy
Algorithms
Artificial intelligence
Artificial neural networks
Classification
Cybercrime
Cybersecurity
Data encryption
Data mining
Datasets
Deep learning
Empirical analysis
Experiments
Firewalls
Machine learning
Malware
Research methodology
Security
Security systems
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:These days, we are witnessing unprecedented challenges to network security. This indeed confirms that network security has become increasingly important. Firewall logs are important sources of evidence, but they are still difficult to analyze. Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL) have emerged as effective in developing robust security measures due to the fact that they have the capability to deal with complex cyberattacks in a timely manner. This work aims to tackle the difficulty of analyzing firewall logs using ML and DL by building multiclass ML and DL models that can analyze firewall logs and classify the actions to be taken in response to received sessions as “Allow”, “Drop”, “Deny”, or “Reset-both”. Two sets of empirical evaluations were conducted in order to assess the performance of the produced models. Different features set were used in each set of the empirical evaluation. Further, two extra features, namely, application and category, were proposed to enhance the performance of the proposed models. Several ML and DL algorithms were used for the evaluation purposes, namely, K-Nearest Neighbor (KNN), Naïve Bayas (NB), J48, Random Forest (RF) and Artificial Neural Network (ANN). One interesting reading in the experimental results is that the RF produced the highest accuracy of 99.11% and 99.64% in the first and the second experiments respectively. Yet, all other algorithms have also produced high accuracy rates which confirm that the proposed features played a significant role in improving the firewall classification rate.
ISSN:2079-9292
2079-9292
DOI:10.3390/electronics11121851