AI-Driven Dynamic Firewall Optimization Using Reinforcement Learning for Anomaly Detection and Prevention

TL;DR

This paper introduces an AI-driven framework using deep reinforcement learning to dynamically optimize firewalls, improving anomaly detection and response times in real-time network security scenarios.

Contribution

It presents a novel DRL-based approach for autonomous firewall rule adaptation, integrating anomaly detection with dynamic rule updates in a unified system.

Findings

Enhanced detection accuracy over traditional firewalls

Reduced false positive rates in anomaly detection

Faster firewall rule updates in simulated environments

Abstract

The growing complexity of cyber threats has rendered static firewalls increasingly ineffective for dynamic, real-time intrusion prevention. This paper proposes a novel AI-driven dynamic firewall optimization framework that leverages deep reinforcement learning (DRL) to autonomously adapt and update firewall rules in response to evolving network threats. Our system employs a Markov Decision Process (MDP) formulation, where the RL agent observes network states, detects anomalies using a hybrid LSTM-CNN model, and dynamically modifies firewall configurations to mitigate risks. We train and evaluate our framework on the NSL-KDD and CIC-IDS2017 datasets using a simulated software-defined network environment. Results demonstrate significant improvements in detection accuracy, false positive reduction, and rule update latency when compared to traditional signature- and behavior-based firewalls. The proposed method provides a scalable, autonomous solution for enhancing network resilience against complex attack vectors in both enterprise and critical infrastructure settings.