Data Stream Mining to Predict Recommended Actions for Firewall Network Traffic
Abstract
The advance of the Internet has led to an increase in the continuous generation of data, exacerbating challenges related to cybersecurity. In this context, firewalls play a crucial role in protecting networks from threats, organizing log records based on specific rules that reflect organizational policies. However, updating these rules is complex, and improper configurations or decisions can compromise security. Related works that use traditional Machine Learning approaches often rely on static datasets, requiring new training cycles to incorporate changes, which is not feasible in dynamic network traffic scenarios. In this work, we develop methods to apply the known MINAS and CluStream data stream algorithms to predict recommended actions (Allow, Deny, Drop, and Reset-Both) in network traffic captured by firewalls. While CluStream is an incremental algorithm, MINAS combines incremental learning with novelty detection, both essential features in data stream scenarios where patterns can change abruptly or gradually. The experiments show that the two algorithms produced distinct results on the data stream, with satisfactory performance across different metrics throughout the experiments.
Published
29/09/2025
How to Cite
DIAS, Herbert Gonçalves; GIARINI, Wagner Rafael; CERRI, Ricardo. Data Stream Mining to Predict Recommended Actions for Firewall Network Traffic. In: BRAZILIAN CONFERENCE ON INTELLIGENT SYSTEMS (BRACIS), 35., 2025, Fortaleza/CE. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 315-330.
ISSN 2643-6264.
