Classification of Firewall Log Files withDifferent Algorithms and PerformanceAnalysis of These Algorithms

Classifying firewall log files allows analysing potential threats and decidingon appropriate rules to prevent them. Therefore, in this study, firewall log filesare classified using different classification algorithms and the performanceof the algorithms are evaluated using performance metrics. The dataset wasprepared using the log files of a firewall. It was filtered to make it free fromany personal data and consisted of 12 attributes in total and from theseattributes the action attribute was selected as the class. In the performanceevaluation, Simple Cart and NB tree algorithms made the best predictions,achieving an accuracy rate of 99.84%. Decision Stump had the worst predic-tion performance, achieving an accuracy rate of 79.68%. As the total numberof instances belonging to each of the classes in the dataset was not equal, theMatthews correlation coefficient was also used as a performance metric in theevaluations. The Simple Cart, BF tree, FT tree, J48 and NB Tree algorithmsachieved the highest average values. However, although the reset-both classwas not predicted successfully by the others, the Simple Cart algorithm madethe best predictions for it. The values of other performance metrics used inthis study also support this conclusion. Therefore, the Simple Cart algorithm is recommended for use in classifying firewall log files. However, there is aneed to develop a prefiltering and parsing approach to process different logfiles as each firewall brand creates and maintains log files in its own format.Therefore, in this study, a novel prefiltering and parsing approach has beenproposed to process log files with different structures and create structureddatasets using them.