Machine Learning Approach on Multiclass Classification of Internet
Firewall Log Files
- URL: http://arxiv.org/abs/2306.07997v1
- Date: Mon, 12 Jun 2023 19:04:07 GMT
- Title: Machine Learning Approach on Multiclass Classification of Internet
Firewall Log Files
- Authors: Md Habibur Rahman, Taminul Islam, Md Masum Rana, Rehnuma Tasnim,
Tanzina Rahman Mona, Md. Mamun Sakib
- Abstract summary: A firewall's primary function is to prevent malicious data packets from being sent.
In this research, we apply various categorization algorithms to make sense of data logged by a firewall device.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Firewalls are critical components in securing communication networks by
screening all incoming (and occasionally exiting) data packets. Filtering is
carried out by comparing incoming data packets to a set of rules designed to
prevent malicious code from entering the network. To regulate the flow of data
packets entering and leaving a network, an Internet firewall keeps track of
all activity. While the primary function of log files is to aid in
troubleshooting and diagnostics, the information they contain is also very
relevant to system audits and forensics. A firewall's primary function is to
prevent malicious data packets from being sent. In order to better defend
against cyberattacks and understand when and how malicious actions are
influencing the internet, it is necessary to examine log files. As a result,
the firewall decides whether to 'allow,' 'deny,' 'drop,' or 'reset-both' the
incoming and outgoing packets. In this research, we apply various
categorization algorithms to make sense of data logged by a firewall device.
Harmonic mean F1 score, recall, and sensitivity measurement data with a 99%
accuracy score in the random forest technique are used to compare the
classifier's performance. To be sure, the proposed characteristics did
significantly contribute to enhancing the firewall classification rate, as seen
by the high accuracy rates generated by the other methods.
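The abstract reports a 99% accuracy figure for random forest on a four-way log classification (allow / deny / drop / reset-both). The following script is an added example, not code from the paper or its authors: it trains a small pure-Python random forest (no scikit-learn, so it runs anywhere) on constructed firewall records and reports per-class precision, recall and F1 next to accuracy. The record layout (a CSV of Palo Alto-style traffic fields: source port, destination port, NAT source/destination port, bytes, packets, elapsed seconds, action) is an assumption, the generating rules are constructed, and every log line is synthetic. The point a practitioner wants to see is the majority-class baseline: on a log that is mostly 'allow', accuracy alone mostly tracks the class skew, so the per-class recall on the rare 'reset-both' and 'drop' records is what tells you whether the classifier learned anything about them.

```python
"""Multiclass classification of firewall log records (allow / deny / drop / reset-both)
with a small pure-Python random forest, scored per class rather than by accuracy alone.
Added example, not the code of Rahman et al.; layout, rules and records are constructed.
Assumed record layout: src_port,dst_port,nat_src_port,nat_dst_port,bytes,packets,elapsed_s,action"""
import random
from collections import Counter

ACTIONS = ("allow", "deny", "drop", "reset-both")

def parse_log_line(line):
    parts = line.strip().split(",")
    if len(parts) != 8 or parts[7] not in ACTIONS:
        raise ValueError(f"malformed record: {line!r}")
    return [int(p) for p in parts[:7]], parts[7]

def synthetic_log(n, seed=1):
    """Constructed records, skewed towards 'allow' as perimeter logs usually are."""
    rng, lines = random.Random(seed), []
    for _ in range(n):
        r, sp = rng.random(), rng.randint(1024, 65535)
        if r < 0.70:    # allow: completed session through NAT
            dp = rng.choice((22, 53, 80, 443))
            lines.append(f"{sp},{dp},{rng.randint(10000, 60000)},{dp},{rng.randint(500, 50000)},"
                         f"{rng.randint(5, 200)},{rng.randint(1, 300)},allow")
        elif r < 0.85:  # deny: policy hit on a low service port, no NAT, one or two packets
            lines.append(f"{sp},{rng.choice((23, 135, 139, 445))},0,0,"
                         f"{rng.randint(62, 130)},{rng.randint(1, 2)},0,deny")
        elif r < 0.95:  # drop: silent discard of a single packet to a high port
            lines.append(f"{sp},{rng.randint(1024, 65535)},0,0,{rng.randint(40, 60)},1,0,drop")
        else:           # reset-both: NAT'd session torn down within a few packets
            dp = rng.choice((80, 443))
            lines.append(f"{sp},{dp},{rng.randint(10000, 60000)},{dp},"
                         f"{rng.randint(60, 300)},{rng.randint(1, 3)},0,reset-both")
    return lines

def gini(labels):
    return 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())

def best_split(X, y, feats, max_candidates=32):
    """Feature/threshold with the lowest weighted Gini among the sampled features."""
    best = (None, None, float("inf"))
    for f in feats:
        uniq = sorted({row[f] for row in X})
        for t in uniq[::max(1, len(uniq) // max_candidates)]:  # thinned thresholds
            left = [lab for row, lab in zip(X, y) if row[f] <= t]
            right = [lab for row, lab in zip(X, y) if row[f] > t]
            if left and right:
                score = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
                if score < best[2]:
                    best = (f, t, score)
    return best

def build_tree(X, y, rng, n_feat, depth):
    """Recursive CART-style tree; a leaf is the majority label of its records."""
    majority = Counter(y).most_common(1)[0][0]
    if depth == 0 or len(set(y)) == 1:
        return majority
    f, t, _ = best_split(X, y, rng.sample(range(len(X[0])), n_feat))
    if f is None:
        return majority
    sides = [[(row, lab) for row, lab in zip(X, y) if (row[f] <= t) == go_left] for go_left in (True, False)]
    left, right = (build_tree([r for r, _ in s], [l for _, l in s], rng, n_feat, depth - 1) for s in sides)
    return (f, t, left, right)

def predict_tree(node, x):
    while isinstance(node, tuple):
        f, t, left, right = node
        node = left if x[f] <= t else right
    return node

def fit_forest(X, y, n_trees=25, max_depth=10, seed=0):
    """Bagging: each tree gets a bootstrap sample and splits on sqrt(n_features) random features."""
    rng, n_feat, trees = random.Random(seed), max(1, int(len(X[0]) ** 0.5)), []
    for _ in range(n_trees):
        idx = [rng.randrange(len(X)) for _ in range(len(X))]
        trees.append(build_tree([X[i] for i in idx], [y[i] for i in idx], rng, n_feat, max_depth))
    return trees

def predict_forest(trees, x):
    return Counter(predict_tree(t, x) for t in trees).most_common(1)[0][0]

def evaluate(y_true, y_pred, classes=ACTIONS):
    """Accuracy, per-class precision/recall/F1 and macro-F1 (unweighted mean over classes)."""
    pairs, per_class = list(zip(y_true, y_pred)), {}
    for c in classes:
        tp = sum(a == c == b for a, b in pairs)
        p, r = tp / max(1, sum(b == c for _, b in pairs)), tp / max(1, sum(a == c for a, _ in pairs))
        per_class[c] = {"precision": p, "recall": r, "f1": 2 * p * r / (p + r) if p + r else 0.0,
                        "support": sum(a == c for a, _ in pairs)}
    return {"accuracy": sum(a == b for a, b in pairs) / len(pairs),
            "macro_f1": sum(v["f1"] for v in per_class.values()) / len(classes), "per_class": per_class}

def run_experiment(n_train=300, n_test=150, seed=1):
    """Train on one constructed log, score a second one, and compare with a majority-class
    baseline: its accuracy is the floor a skewed log hands any classifier for free."""
    X, y = map(list, zip(*map(parse_log_line, synthetic_log(n_train, seed))))
    X_test, y_test = map(list, zip(*map(parse_log_line, synthetic_log(n_test, seed + 1))))
    trees = fit_forest(X, y, seed=seed)
    report = evaluate(y_test, [predict_forest(trees, x) for x in X_test])
    majority = Counter(y).most_common(1)[0][0]
    report["majority_baseline"] = evaluate(y_test, [majority] * len(y_test))
    return report

if __name__ == "__main__":
    print(run_experiment())
```

Running the script prints the report dictionary: compare "accuracy" against majority_baseline["accuracy"] (about 0.7 here, the share of 'allow' records) and read the "per_class" recall for 'drop' and 'reset-both', which is where a firewall-log classifier either earns its keep or quietly collapses into the majority class. On a real device export, feed the exported lines in the assumed column order in place of synthetic_log, and split by time rather than at random, since records of the same session placed on both sides of a random split inflate every score.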
Related papers
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.
It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.
We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z) - QUIC-Exfil: Exploiting QUIC's Server Preferred Address Feature to Perform Data Exfiltration Attacks [0.259990372084357]
We show the feasibility of a QUIC-based data exfiltration attack using the server preferred address feature of the QUIC protocol.
A novel method leveraging the server preferred address feature of the QUIC protocol allows an attacker to exfiltrate sensitive data from an infected machine to a malicious server.
The attack is implemented as a proof of concept tool in Rust.
arXiv Detail & Related papers (2025-05-08T14:31:28Z) - MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.
We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z) - Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach [0.0]
Deep Packet Inspection (DPI) has emerged as a key technology in strengthening network security.
This study proposes a novel approach that leverages a large language model (LLM) and few-shot learning.
Our approach shows promising results with an average accuracy of 86.35% and F1-Score of 86.40% on different malware types.
arXiv Detail & Related papers (2024-09-17T15:02:32Z) - A Flow is a Stream of Packets: A Stream-Structured Data Approach for DDoS Detection [32.22817720403158]
We propose a new tree-based DDoS detection approach that operates on a flow as a stream structure.
Our approach matches or exceeds existing machine learning techniques' accuracy, including state-of-the-art deep learning methods.
arXiv Detail & Related papers (2024-05-12T09:29:59Z) - A Transformer-Based Framework for Payload Malware Detection and Classification [0.0]
Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs analyze the content of network packets.
In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic.
arXiv Detail & Related papers (2024-03-27T03:25:45Z) - Robust Federated Learning Mitigates Client-side Training Data Distribution Inference Attacks [48.70867241987739]
InferGuard is a novel Byzantine-robust aggregation rule aimed at defending against client-side training data distribution inference attacks.
The results of our experiments indicate that our defense mechanism is highly effective in protecting against client-side training data distribution inference attacks.
arXiv Detail & Related papers (2024-03-05T17:41:35Z) - Pre-trained Encoders in Self-Supervised Learning Improve Secure and
Privacy-preserving Supervised Learning [63.45532264721498]
Self-supervised learning is an emerging technique to pre-train encoders using unlabeled data.
We perform first systematic, principled measurement study to understand whether and when a pretrained encoder can address the limitations of secure or privacy-preserving supervised learning algorithms.
arXiv Detail & Related papers (2022-12-06T21:35:35Z) - Modern Cybersecurity Solution using Supervised Machine Learning [0.456877715768796]
Traditional Firewall and Intrusion Detection system fails to detect new attacks, zero-day attacks, and traffic patterns that do not match with configured rules.
We used Netflow datasets to extract features after applying data analysis.
Our experiments focus on how efficient machine learning algorithms can detect Bot traffic, Malware traffic, and background traffic.
arXiv Detail & Related papers (2021-09-15T22:03:50Z) - Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
We propose a method to verify if a pre-trained model is Trojaned or benign.
Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
arXiv Detail & Related papers (2020-07-28T19:00:40Z) - Detecting malicious PDF using CNN [46.86114958340962]
Malicious PDF files represent one of the biggest threats to computer security.
We propose a novel algorithm that uses an ensemble of Convolutional Neural Network (CNN) on the byte level of the file.
We show, using a data set of 90000 files downloadable online, that our approach maintains a high detection rate (94%) of PDF malware.
arXiv Detail & Related papers (2020-07-24T18:27:45Z) - Key Points Estimation and Point Instance Segmentation Approach for Lane
Detection [65.37887088194022]
We propose a traffic line detection method called Point Instance Network (PINet)
The PINet includes several stacked hourglass networks that are trained simultaneously.
The PINet achieves competitive accuracy and false positive on the TuSimple and Culane datasets.
arXiv Detail & Related papers (2020-02-16T15:51:30Z) - Learning with Out-of-Distribution Data for Audio Classification [60.48251022280506]
We show that detecting and relabelling certain OOD instances, rather than discarding them, can have a positive effect on learning.
The proposed method is shown to improve the performance of convolutional neural networks by a significant margin.
arXiv Detail & Related papers (2020-02-11T21:08:06Z) - Detecting Network Anomalies using Rule-based machine learning within
SNMP-MIB dataset [0.5156484100374059]
This paper developed a network traffic system that relies on adopted dataset to differentiate the DOS attacks from normal traffic.
The detection model is built with five Rule-based machine learning classifiers (DecisionTable, JRip, OneR, PART and ZeroR)
arXiv Detail & Related papers (2020-01-18T13:05:41Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.