Active Learning and Label Spreading Semi-Supervised Learning Techniques for Detection of Firewall Actions


Abstract


Firewalls are essential for network security because they sort incoming traffic into several categories such as accept, deny, or drop/reset. Existing classification techniques are based on supervised learning, which requires manual labelling of the complete dataset. In this experimental work, we apply semi-supervised learning to the Internet Firewall-2019 dataset, which contains extensive numbers and types of actual firewall log records. The proposed framework has two algorithms. The first is Label Spreading, which propagates labels through graphs between data points with similar attributes. The second is a new active learning algorithm, proposed to deal with the following kinds of problems: the reduction of false positives and of threat packets received, automatically and in a time-efficient manner. Experimental evaluation demonstrates that both methods are useful for categorizing firewall operations. The Active Learning technique is characterized by outstanding accuracy: it achieves a high detection accuracy of 99.80%, which is impressive and adaptable for future cybersecurity use.




Keywords


Firewall; Machine Learning; Active Learning; Label Spreading; Semi-supervised
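
The Label Spreading step described in the abstract, as an added example that is not the paper's code: the standard Zhou et al. iteration on constructed two-feature records, plus a generic uncertainty-sampling query that stands in for the active learning step, whose details the abstract does not give. The feature values, `gamma`, `alpha` and all function names are assumptions.

```python
import math

# Constructed sample: two scaled features per firewall log record (hypothetical
# stand-ins for log columns); one labelled record per action, the rest unlabelled.
RECORDS = [
    ((0.80, 0.90), "accept"), ((0.85, 0.95), None), ((0.75, 0.85), None), ((0.90, 0.88), None),
    ((0.20, 0.10), "deny"), ((0.25, 0.15), None), ((0.15, 0.05), None), ((0.22, 0.18), None),
    ((0.10, 0.85), "drop"), ((0.15, 0.90), None), ((0.05, 0.80), None),
    ((0.45, 0.88), None),  # ambiguous record between the accept and drop clusters
]
CLASSES = ["accept", "deny", "drop"]


def label_spreading(records, classes, gamma=20.0, alpha=0.8, iters=50):
    """Iterate F <- alpha*S*F + (1-alpha)*Y over an RBF similarity graph."""
    n, m = len(records), len(classes)
    # Edge weight decays with squared distance between records; no self-loops.
    w = [[0.0 if i == j else math.exp(-gamma * math.dist(records[i][0], records[j][0]) ** 2)
          for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in w]
    # Symmetric normalisation S = D^-1/2 W D^-1/2.
    s = [[w[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]
    # Y: one-hot rows for labelled records, all-zero rows for unlabelled ones.
    y = [[1.0 if lab == c else 0.0 for c in classes] for _, lab in records]
    f = [row[:] for row in y]
    for _ in range(iters):
        f = [[alpha * sum(s[i][j] * f[j][k] for j in range(n)) + (1 - alpha) * y[i][k]
              for k in range(m)] for i in range(n)]
    return f


def predict(records, classes):
    """Assign each record the action with the highest spread score."""
    return [classes[row.index(max(row))] for row in label_spreading(records, classes)]


def query_candidate(records, classes):
    """Generic uncertainty sampling: unlabelled record with the smallest top-two margin."""
    scores = label_spreading(records, classes)

    def margin(i):
        top = sorted((v / sum(scores[i]) for v in scores[i]), reverse=True)
        return top[0] - top[1]

    return min((i for i, (_, lab) in enumerate(records) if lab is None), key=margin)


if __name__ == "__main__":
    print(predict(RECORDS, CLASSES), query_candidate(RECORDS, CLASSES))
```

The record returned by `query_candidate` is the one an analyst would be asked to label next; adding that label to `RECORDS` and re-running `predict` is one round of the loop.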