Network Firewall using Artificial Neural Networks
keywords: Network firewall, artificial neural networks, computer security
Today's most common firewalls are mostly rule-based. Their knowledge consists of a set of rules according to which they process received packets. They cannot do anything they have not been explicitly configured to do. This makes the system more straightforward to set up, but less flexible and less adaptive to changing circumstances. We investigate a network firewall whose rule base we try to model using an artificial neural network, more specifically a multi-layer perceptron (MLP) trained by the back-propagation algorithm. The training data are acquired from the network, and we consider two possible scenarios. In Scenario 1, the user has no firewall available and the policy is deduced from the existing traffic in the network, which is considered to be legitimate. In Scenario 2, the learning module is placed behind the existing firewall (or firewalls) in order to learn their behavior. In both cases, all recorded traffic contains only positive examples; however, direct training of an MLP from a set of positive examples alone is impossible. We solved this problem by synthetically generating negative examples, which led to successful learning.
mathematics subject classification 2000: 68T05 (Learning and adaptive systems), 62H30 (Classification and discrimination, cluster analysis)
reference: Vol. 32, 2013, No. 6, pp. 1312–1327