Classification of Firewall Log Files Using Supervised Machine Learning Techniques

Sri Danalaksmi, Geethalakshmi, A. Roshni, Padmavathi Ganapathi
Copyright: © 2023 |Pages: 30
DOI: 10.4018/978-1-6684-8666-5.ch005

Abstract

A firewall controls the traffic entering and leaving the domain it is meant to protect. Its logging feature records how the firewall handles the different kinds of traffic it sees. Monitoring and analyzing these log files can help IT organizations improve the reliability of their systems for end users. This book chapter investigates and classifies firewall log files using supervised machine learning algorithms. The main objective of the chapter is to examine firewall security by analyzing the firewall log files. Supervised machine learning classifiers, namely support vector machine (SVM), Naïve Bayes, logistic regression and k-nearest neighbor (KNN) models, are developed to classify the firewall log files. Feature selection using the Ranker and Info_Gain_Attribute_Eval methods within the Weka tool is applied to derive robust features from the data. Finally, a comparative analysis is performed to evaluate the efficiency of the supervised machine learning models. The results show that the Naïve Bayes classifier attains the highest accuracy, 99.26%, in classifying the firewall log files.
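The abstract describes a two-stage pipeline: rank log features by information gain (what Weka's InfoGainAttributeEval and Ranker do) and then train a Naïve Bayes classifier on the retained features. The block below is an added example written for this page, not code from the chapter or its authors, and it is not the chapter's dataset. The log records, the CSV field names (src_port, dst_port, proto, bytes, action) and the discretization into categorical features are all constructed for illustration; the information-gain and Naïve Bayes computations themselves are the standard definitions, implemented with the Python standard library only.

```python
"""Added example: rank firewall-log features by information gain, then classify
the firewall action with a categorical Naive Bayes model (standard library only)."""
import csv
import io
import math
from collections import Counter, defaultdict

# Constructed sample of firewall log records (not real traffic). The fields are
# assumed to resemble a per-connection log export; the label is the firewall action.
SAMPLE_LOG = """\
src_port,dst_port,proto,bytes,action
51234,443,tcp,9200,allow
51235,80,tcp,3100,allow
51236,22,tcp,120,deny
51237,3389,tcp,80,deny
51238,443,tcp,10400,allow
51239,53,udp,210,allow
51240,23,tcp,60,deny
51241,445,tcp,90,deny
51242,80,tcp,2800,allow
51243,1433,tcp,70,deny
51244,443,tcp,7700,allow
51245,53,udp,180,allow
"""


def featurize(row):
    """Discretize one raw log row into categorical features (buckets chosen for illustration)."""
    dst = int(row["dst_port"])
    return {
        "dst_service": "web" if dst in (80, 443) else "dns" if dst == 53 else "other",
        "proto": row["proto"],
        "bytes_bucket": "small" if int(row["bytes"]) < 500 else "large",
        # Deliberate noise feature: source-port parity carries no real signal.
        "src_parity": "even" if int(row["src_port"]) % 2 == 0 else "odd",
    }


def parse_log(text):
    """Parse a CSV log export into (features, label) pairs."""
    return [(featurize(r), r["action"]) for r in csv.DictReader(io.StringIO(text))]


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def info_gain(data, feature):
    """Information gain of `feature` with respect to the action label:
    H(action) minus the size-weighted entropy of the action within each feature value."""
    groups = defaultdict(list)
    for x, y in data:
        groups[x[feature]].append(y)
    conditional = sum(len(g) / len(data) * entropy(g) for g in groups.values())
    return entropy([y for _, y in data]) - conditional


def rank_features(data):
    """Ranker step: every feature with its gain, highest gain first."""
    return sorted(((f, info_gain(data, f)) for f in data[0][0]), key=lambda t: -t[1])


class NaiveBayes:
    """Categorical Naive Bayes over a chosen feature subset, with Laplace smoothing."""

    def __init__(self, features):
        self.features = features
        self.prior = Counter()                 # label -> count
        self.counts = defaultdict(Counter)     # (feature, label) -> Counter of values
        self.values = defaultdict(set)         # feature -> set of observed values

    def fit(self, data):
        for x, y in data:
            self.prior[y] += 1
            for f in self.features:
                self.counts[(f, y)][x[f]] += 1
                self.values[f].add(x[f])
        return self

    def predict(self, x):
        n = sum(self.prior.values())
        best, best_score = None, -math.inf
        for y, py in self.prior.items():
            score = math.log(py / n)
            for f in self.features:
                # Add-one smoothing so a value unseen for this label cannot zero out the class.
                likelihood = (self.counts[(f, y)][x[f]] + 1) / (py + len(self.values[f]))
                score += math.log(likelihood)
            if score > best_score:
                best, best_score = y, score
        return best


def accuracy(model, data):
    """Fraction of records whose predicted action matches the logged action."""
    return sum(model.predict(x) == y for x, y in data) / len(data)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    ranked = rank_features(records)
    for name, gain in ranked:
        print(f"{name:<13} gain={gain:.3f}")
    kept = [name for name, _ in ranked[:3]]          # drop the lowest-ranked feature
    clf = NaiveBayes(kept).fit(records)
    print("training accuracy:", accuracy(clf, records))
    probe = {"src_port": "40000", "dst_port": "22", "proto": "tcp", "bytes": "100"}
    print("predicted action for the probe record:", clf.predict(featurize(probe)))
```

On this constructed sample the service bucket alone separates the classes, so its gain equals the label entropy and the parity feature ranks last with near-zero gain; that is the situation in which a Ranker cut-off removes a feature without costing accuracy. Accuracy measured on the training set, as done at the end of the block, is optimistic; a practitioner would hold out records or cross-validate before comparing classifiers.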
Chapter Preview

1. Introduction

A firewall is a security access management point that controls access to computer networks and ensures safe network connectivity. A network firewall is a device or collection of systems that controls access between two networks, a trusted network and an untrusted network, by applying pre-configured rules or filters (As-Suhbani et al., 2019). The outcomes of firewall rules can be audited, verified, and evaluated through monitoring. The firewall inspects and classifies each packet and decides whether to pass it or not. Security can be tightened further by permitting only the required protocols. The kinds of Internet traffic that are allowed or forbidden are specified by firewall rules. Figure 1 shows the firewall security that allows traffic or denies it.

Figure 1. A phase of firewall in a network

Each firewall profile includes a set of predefined firewall rules, and these rules cannot be changed. The ability to create new rules is therefore limited to a few profiles. It is also possible to build your own rules using a profile with no predefined ones. The firewall profile also determines how your rules are prioritized relative to the predefined rules, so select the profile carefully (Allagi et al., 2019).

Inbound traffic from the Internet to the computer or outbound traffic from the computer to the Internet can both be blocked by a firewall rule, and a rule may apply in both directions at once. Firewalls are security tools designed to prevent or restrict unauthorized access to intranets and other private networks connected to the Internet. A firewall policy specifies the only traffic that is permitted on the network and forbids any other traffic from connecting. At the network's front end, network firewalls act as a communication channel between internal and external devices (Ertam et al., 2018).
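The two paragraphs above make three points a practitioner should see in code: a rule is matched by direction, a policy permits only what it lists and denies everything else, and rule order determines which rule wins. The block below is an added example written for this page, not code from the chapter or from any firewall product; the Rule fields, the sample policy and the "first match wins, default deny" semantics are assumptions made for illustration (real firewalls differ in how they order and merge rules). The shadowing check at the end goes slightly beyond the text: it flags a rule that can never match because an earlier, broader rule already covers all of its traffic.

```python
"""Added example: first-match evaluation of a small firewall rule set with a
default-deny policy, plus a check for rules shadowed by earlier ones."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str       # "inbound", "outbound" or "both"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None matches any port
    action: str          # "allow" or "deny"

    def matches(self, direction: str, proto: str, port: int) -> bool:
        return (self.direction in ("both", direction)
                and self.proto in ("any", proto)
                and self.port in (None, port))


# Constructed policy for a host that serves HTTPS and needs outbound web and DNS.
# Everything not listed falls through to the default deny in evaluate().
POLICY: List[Rule] = [
    Rule("outbound", "tcp", 443, "allow"),
    Rule("outbound", "udp", 53, "allow"),
    Rule("inbound", "tcp", 443, "allow"),
    Rule("both", "tcp", 23, "deny"),     # explicit deny for telnet in either direction
]


def evaluate(policy: List[Rule], direction: str, proto: str, port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). Unmatched traffic is denied with index None."""
    for i, rule in enumerate(policy):
        if rule.matches(direction, proto, port):
            return rule.action, i
    return "deny", None


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `broad`."""
    return (broad.direction in ("both", narrow.direction)
            and broad.proto in ("any", narrow.proto)
            and broad.port in (None, narrow.port))


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them entirely."""
    return [j for j, rule in enumerate(policy)
            if any(covers(policy[i], rule) for i in range(j))]


if __name__ == "__main__":
    for probe in [("outbound", "tcp", 443), ("inbound", "tcp", 22), ("inbound", "tcp", 23)]:
        print(probe, "->", evaluate(POLICY, *probe))
    # A catch-all allow placed first silently makes every later rule unreachable.
    careless = [Rule("both", "any", None, "allow")] + POLICY
    print("shadowed rule indices:", shadowed_rules(careless))
```

The shadowing check is the kind of audit the text's monitoring step implies: a rule that never matches produces no log entries, so its absence from the logs is itself a signal worth investigating.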

Without a firewall, any network service running on a device with a publicly visible IP address (for instance, one linked directly to the Internet through Ethernet) may become accessible to the public. Any computer network with an Internet connection is open to cyber attacks, and such networks become open to hostile attacks if no firewall is present. Some malware is built to gain network access in order to reach confidential information such as customer records or other proprietary data like credit card numbers and bank account details (Sharma et al., 2021).

Other kinds of malware are created with the sole purpose of destroying data or bringing networks to a halt. Attackers can easily disrupt a network that is reachable through a public IP address. Classifying firewall traffic is therefore all the more important, since it leaves attackers fewer opportunities to breach the network.

The survey's findings show that network engineering teams are devoting more time and effort to firewall maintenance and that their duties are becoming more difficult. According to over 45 per cent of respondents, most of these tasks are still done by hand. It is challenging to keep up with everything, since most teams deal with a multi-vendor environment with inherent complexity (Winding et al., 2006). The key findings and trends in firewalls are:

  • Increased spending on firewalls and network security

  • The use of several vendors has become the standard

  • There is a demand for firewall engineers with particular knowledge

  • Network automation is becoming more popular

  • Firewall management needs to be enhanced
