Machine Learning Aspects of Internet Firewall Data

  • Conference paper
Security-Related Advanced Technologies in Critical Infrastructure Protection

Abstract

One of the many applications of neural networks (NN), as part of machine learning, is the modeling of network firewall rules. For this purpose, a suitable dataset containing standard traffic attributes was used, together with the capabilities of the Weka software package for modeling and testing multilayer perceptrons (MLP). The aim of this paper was to create and examine an NN model of an Internet firewall and to optimize its parameters so that it best simulates the operation of the rules. It was found that the number of neurons in hidden layers, the learning rate, momentum, and number of epochs affect the accuracy, while the impact of percentage split and batch size can be ignored. The paper also evaluated the losses of different activation functions in the NN environment, using the previously determined optimal parameters. Moreover, it has been shown that the following algorithms provided the highest accuracy in solving classification problems for the firewall dataset: Random Forest, J48 and MLP. Regarding the clustering of firewall data, the paper found that the k-means algorithm showed greater accuracy and speed than the EM and DBSCAN algorithms.



Corresponding author

Correspondence to Petar Čisar.

Appendices

4.1.1 Appendix A: Clustering – K-Means Algorithm

[Figure: k-means clustering output. Final cluster centroids listed per attribute: source port, destination port, NAT source port, NAT destination port, action, bytes, bytes sent, bytes received, packets, elapsed time (sec), pkts sent, pkts received; followed by the time taken to build the model and the model evaluation on the training set.]

4.1.2 Appendix B: Clustering – EM Algorithm

[Figure: EM clustering output. Mean and standard deviation listed per attribute: source port, destination port, NAT source port, NAT destination port, bytes, bytes sent, bytes received, packets, elapsed time (sec), pkts sent, pkts received; the action attribute is listed by value: allow, drop, deny, reset-both, and total.]

4.1.3 Appendix C: Clustering – DBSCAN Algorithm

[Figure: DBSCAN clustering output, in two parts. Values listed per attribute: source port, destination port, NAT source port, NAT destination port, action, bytes, bytes sent, bytes received, packets, elapsed time (sec), pkts sent, pkts received; the attributes are then listed again with the mean and standard deviation of their normal distributions.]

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature B.V.

About this paper

Cite this paper

Čisar, P., Popović, B., Kuk, K., Čisar, S.M., Vuković, I. (2022). Machine Learning Aspects of Internet Firewall Data. In: Kovács, T.A., Nyikes, Z., Fürstner, I. (eds) Security-Related Advanced Technologies in Critical Infrastructure Protection. NATO Science for Peace and Security Series C: Environmental Security. Springer, Dordrecht. https://doi.org/10.1007/978-94-024-2174-3_4

  • DOI: https://doi.org/10.1007/978-94-024-2174-3_4

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-024-2173-6

  • Online ISBN: 978-94-024-2174-3

  • eBook Packages: Physics and Astronomy, Physics and Astronomy (R0)
