Machine Learning Approach on Multiclass Classification of Internet Firewall Log Files
- URL: http://arxiv.org/abs/2306.07997v1
- Date: Mon, 12 Jun 2023 19:04:07 GMT
- Title: Machine Learning Approach on Multiclass Classification of Internet Firewall Log Files
- Authors: Md Habibur Rahman, Taminul Islam, Md Masum Rana, Rehnuma Tasnim, Tanzina Rahman Mona, Md. Mamun Sakib
- Abstract summary: A firewall's primary function is to prevent malicious data packets from being sent. In this research, we apply various classification algorithms to make sense of data logged by a firewall device.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Firewalls are critical components in securing communication networks:
they screen all incoming (and occasionally outgoing) data packets. Filtering is
carried out by comparing incoming data packets against a set of rules designed
to prevent malicious code from entering the network. To regulate the flow of
data packets entering and leaving a network, an Internet firewall keeps track of
all activity. While the primary function of log files is to aid troubleshooting
and diagnostics, the information they contain is also highly relevant to system
audits and forensics. A firewall's primary function is to prevent malicious data
packets from being sent. To better defend against cyberattacks and understand
when and how malicious actions are affecting the internet, it is necessary to
examine log files. For each packet, the firewall decides whether to 'allow,'
'deny,' 'drop,' or 'reset-both' the incoming and outgoing traffic. In this
research, we apply various classification algorithms to make sense of data
logged by a firewall device. Harmonic-mean F1 score, recall, and sensitivity
measurements, together with a 99% accuracy score obtained with the random forest
technique, are used to compare the classifiers' performance. The proposed
features did significantly contribute to enhancing the firewall classification
rate, as seen by the high accuracy rates generated by the other methods as well.
Related papers
- A Flow is a Stream of Packets: A Stream-Structured Data Approach for DDoS Detection (arXiv, 2024-05-12T09:29:59Z)
  We propose a new tree-based DDoS detection approach that operates on a flow as a stream structure.
  Our approach matches or exceeds existing machine learning techniques' accuracy, including state-of-the-art deep learning methods.
- A Transformer-Based Framework for Payload Malware Detection and Classification (arXiv, 2024-03-27T03:25:45Z)
  Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs to analyze the content of network packets.
  In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic.
- Robust Federated Learning Mitigates Client-side Training Data Distribution Inference Attacks (arXiv, 2024-03-05T17:41:35Z)
  InferGuard is a novel Byzantine-robust aggregation rule aimed at defending against client-side training data distribution inference attacks.
  The results of our experiments indicate that our defense mechanism is highly effective in protecting against client-side training data distribution inference attacks.
- Pre-trained Encoders in Self-Supervised Learning Improve Secure and Privacy-preserving Supervised Learning (arXiv, 2022-12-06T21:35:35Z)
  Self-supervised learning is an emerging technique to pre-train encoders using unlabeled data.
  We perform the first systematic, principled measurement study to understand whether and when a pretrained encoder can address the limitations of secure or privacy-preserving supervised learning algorithms.
- ENCODE: Encoding NetFlows for Network Anomaly Detection (arXiv, 2022-07-08T13:25:06Z)
  Many works have used machine learning to detect network attacks using NetFlow data.
  We propose an encoding algorithm that takes the frequency and context of the feature values into account.
  We train several machine learning models for anomaly detection using the data encoded with our algorithm.
- Modern Cybersecurity Solution using Supervised Machine Learning (arXiv, 2021-09-15T22:03:50Z)
  Traditional firewalls and intrusion detection systems fail to detect new attacks, zero-day attacks, and traffic patterns that do not match configured rules.
  We used NetFlow datasets to extract features after applying data analysis.
  Our experiments focus on how efficiently machine learning algorithms can detect bot traffic, malware traffic, and background traffic.
- Information Obfuscation of Graph Neural Networks (arXiv, 2020-09-28T17:55:04Z)
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph-structured data.
  We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
- Cassandra: Detecting Trojaned Networks from Adversarial Perturbations (arXiv, 2020-07-28T19:00:40Z)
  In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
  We propose a method to verify whether a pre-trained model is Trojaned or benign.
  Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
- Key Points Estimation and Point Instance Segmentation Approach for Lane Detection (arXiv, 2020-02-16T15:51:30Z)
  We propose a traffic line detection method called Point Instance Network (PINet).
  The PINet includes several stacked hourglass networks that are trained simultaneously.
  The PINet achieves competitive accuracy and false-positive rate on the TuSimple and CULane datasets.
- Learning with Out-of-Distribution Data for Audio Classification (arXiv, 2020-02-11T21:08:06Z)
  We show that detecting and relabelling certain OOD instances, rather than discarding them, can have a positive effect on learning.
  The proposed method is shown to improve the performance of convolutional neural networks by a significant margin.
- Detecting Network Anomalies using Rule-based machine learning within SNMP-MIB dataset (arXiv, 2020-01-18T13:05:41Z)
  This paper developed a network traffic system that relies on an adopted dataset to differentiate DoS attacks from normal traffic.
  The detection model is built with five rule-based machine learning classifiers (DecisionTable, JRip, OneR, PART and ZeroR).