Machine Learning Approach on Multiclass Classification of Internet Firewall Log Files
Md Habibur Rahman, Taminul Islam, Md Masum Rana, Rehnuma Tasnim, Tanzina Rahman Mona, Md. Mamun Sakib

TL;DR
This paper explores the use of machine learning algorithms, particularly random forests, to classify firewall log files with high accuracy, aiding in cybersecurity analysis and network security management.
Contribution
The study applies various categorization algorithms to firewall logs, demonstrating that machine learning can significantly improve classification accuracy in cybersecurity contexts.
Findings
Random forest achieved 99% accuracy.
High F1 score, recall, and sensitivity in classification.
Machine learning enhances firewall log analysis.
Abstract
Firewalls are critical components in securing communication networks by screening all incoming (and occasionally exiting) data packets. Filtering is carried out by comparing incoming data packets to a set of rules designed to prevent malicious code from entering the network. To regulate the flow of data packets entering and leaving a network, an Internet firewall keeps track of all activity. While the primary function of log files is to aid in troubleshooting and diagnostics, the information they contain is also very relevant to system audits and forensics. A firewall's primary function is to prevent malicious data packets from being sent. In order to better defend against cyberattacks and understand when and how malicious actions are influencing the internet, it is necessary to examine log files. As a result, the firewall decides whether to 'allow,' 'deny,' 'drop,' or 'reset-both' the…
Taxonomy
Topics: Network Security and Intrusion Detection · Network Packet Processing and Optimization · Internet Traffic Analysis and Secure E-voting
