Decision Tree for Multiclass Classification of Firewall Access

Abstract

Internet usage is increasing rapidly worldwide, allowing numerous connected computer objects or devices to run and communicate with mass digital information. As Internet usage becomes pervasive, attacks against them are also rising aiming to penetrate the target network and remain undiscovered. Therefore, analyzing the behavior of Internet traffic manually is not possible due to its complexity and the large number of user activity. Incoming and outgoing Internet traffic are controlled using a firewall through an automated Internet security system using a predefined set of rules. Machine learning algorithms are used for Repeated Stemanalysis of the activities on firewall devices and to control traffic on the basis of the results. However, the output models (i.e., classification models) lack explanatory power insight into the relative influence of the main factors in the classification and thus have low accuracy. In this study, a decision tree classification algorithm with a tree-structured model is used for firewall activity analysis, which produces high classification accuracy. Empirical results on firewall access with different actions were compared against six benchmark classification algorithms, namely, SVM, OneR, ANN, Multi class classifier, PSO and ZeroR, in five popular evaluation metrics. The experimental results show that the performance of the proposed classifier in all evaluation metrics is higher than the state-of-the-art classification algorithms, such as SVM, ANN, Multi class classifier, PSO, and the most related classification algorithms that provide comprehensible models (i.e., OneR and ZeroR). The proposed classifier offers interpretation ability by presenting the classification model into a tree representation, which is a further advantage.