Research field: Artificial Intelligence
Venue: The Journal of Supercomputing
The rapid growth of data mining has brought increasing attention to firewall anomaly detection. Firewalls serve as a frontline defense by monitoring and controlling network traffic based on predefined rules. However, managing these rules can be complex and prone to errors, leading to vulnerabilities and security risks. To address this challenge, advanced anomaly detection techniques leveraging both Machine Learning (ML) and Deep Learning (DL) have been developed specifically for firewalls. In this study, we investigate innovative ML and DL-based approaches to enhance firewall anomaly detection. We present various methodologies, analyze their effectiveness, and provide a comparative evaluation of their performance. Our findings demonstrate the strong potential of ML and DL-based models in strengthening firewall defenses. Notably, a hybrid log-based model incorporating K-means, Gaussian Mixture Model (GMM), and Bayesian GMM (BGMM) exhibited significant improvements in recall and accuracy. Furthermore, the use of GMM for positive log pruning highlights the effectiveness of unsupervised learning in refining anomaly detection within firewall log data. Our study identifies key challenges and proposes advanced AI techniques to enhance firewall anomaly detection, emphasizing the need for ongoing research and collaboration.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | India |
| Site | Springer |