Classification of firewall logs actions using machine learning techniques and deep neural network

The analysis of firewall logs is one of the most significant practices considered while monitoring network traffic to assess their impact. The log records of the Turkish Firat University’s firewall device were analyzed using K-Nearest Neighbor (KNN), Random Forest (RF), and Deep Neural Network (DNN)...

Full description

Saved in:
Bibliographic Details
Main Authors: AL-Tarawneh, Batool A., Bani-Salameh, Hani
Format: Conference Proceeding
Language:English
Subjects:
Algorithms
Artificial neural networks
Classifiers
Communications traffic
Firewalls
Machine learning
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The analysis of firewall logs is one of the most significant practices considered while monitoring network traffic to assess their impact. The log records of the Turkish Firat University’s firewall device were analyzed using K-Nearest Neighbor (KNN), Random Forest (RF), and Deep Neural Network (DNN) classifiers. A comparison was conducted to measure the performance of the classifier in terms of accuracy, recall, precision, and F1 score. 65,532 records were examined using 12 attributes, where the action was identified as a label of these attributes because it handles the packets based on their features either allowing them to pass, blocking them, blocking their activity, or blocking the request itself. The result of this analysis indicated that the best algorithm that selects the best features according to appropriate action is Random Forest.
ISSN:0094-243X
1551-7616
DOI:10.1063/5.0174750