Enhancing Firewall Packet Classification through Artificial Neural Networks and Synthetic Minority Over-Sampling Technique: An Innovative Approach with Evaluative Comparison
-
Published:2024-08-22
Issue:16
Volume:14
Page:7426
-
ISSN:2076-3417
-
Container-title:Applied Sciences
-
language:en
-
Short-container-title:Applied Sciences
Author:
Korkmaz Adem1ORCID, Bulut Selma2ORCID, Talan Tarık3ORCID, Kosunalp Selahattin1, Iliev Teodor4ORCID
Affiliation:
1. Department of Computer Technologies, Gönen Vocational School, Bandırma Onyedi Eylül University, Bandırma 10200, Türkiye 2. Department of Computer Technologies, Vocational School of Technical Sciences, Kırklareli University, Kırklareli 39100, Türkiye 3. Department of Computer Engineering, Faculty of Engineering and Natural Sciences, Gaziantep Islam Science and Technology University, Gaziantep 27000, Türkiye 4. Department of Telecommunications, University of Ruse, 7017 Ruse, Bulgaria
Abstract
Firewall packet classification is a critical component of network security, demanding precise and reliable methods to ensure optimal functionality. This study introduces an advanced approach that combines Artificial Neural Networks (ANNs) with various data balancing techniques, including the Synthetic Minority Over-sampling Technique (SMOTE), ADASYN, and BorderlineSMOTE, to enhance the classification of firewall packets into four distinct classes: ‘allow’, ‘deny’, ‘drop’, and ‘reset-both’. Initial experiments without data balancing revealed that while the ANN model achieved perfect precision, recall, and F1-Scores for the ‘allow’, ‘deny’, and ‘drop’ classes, it struggled to accurately classify the ‘reset-both’ class. To address this, we applied SMOTE, ADASYN, and BorderlineSMOTE to mitigate class imbalance, which led to significant improvements in overall classification performance. Among the techniques, the ANN combined with BorderlineSMOTE demonstrated superior efficacy, achieving a 97% overall accuracy and consistently high performance across all classes, particularly in the accurate classification of minority classes. In contrast, while SMOTE and ADASYN also improved the model’s performance, the results with BorderlineSMOTE were notably more balanced and reliable. This study provides a comparative analysis with existing machine learning models, highlighting the effectiveness of the proposed approach in firewall packet classification. The synthesized results validate the potential of integrating ANNs with advanced data balancing techniques to enhance the robustness and reliability of network security systems. The findings underscore the importance of addressing class imbalance in machine learning models, particularly in security-critical applications, and offer valuable insights for the design and improvement of future network security infrastructures.
Funder
European Union-NextGenerationEU, through the National Recovery and Resilience Plan of the Republic of Bulgaria
Reference49 articles.
1. Pang, B., Fu, Y., Ren, S., Shen, S., Wang, Y., Liao, Q., and Jia, Y. (2023, January 4–10). A multi-modal approach for context-aware network traffic classification. Proceedings of the ICASSP 2023—2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Rhodes Island, Greece. 2. Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment;Gupta;Neural Comput. Appl.,2017 3. DeCarlo, A.L., and Ferrell, R.G. (2023, July 10). The 5 Different Types of Firewalls Explained. SearchSecurity. Available online: https://www.techtarget.com/searchsecurity/feature/The-five-different-types-of-firewalls. 4. (2023, July 10). Indeed.com. What Is Packet Filtering? (Benefits and Types). Available online: https://www.indeed.com/career-advice/career-development/packet-filtering. 5. Khunkitti, A., and Chongsujjatham, P. (2019, January 2–4). A rule-based training for artificial neural network packet filtering Firewall. Proceedings of the 2019 6th International Conference on Systems and Informatics (ICSAI), Shanghai, China.
|
|