Growing Self-Organizing Maps for Firewall Log Classification in Data Streams

  • Wagner Rafael Giarini UFSCar
  • Herbert Gonçalves Dias UFSCar
  • Ricardo Cerri USP

Abstract


The growing volume of data and the dynamic nature of computer networks present significant challenges to information security, particularly in data stream classification. This work investigates multiclass classification of real firewall logs from an academic environment. To address class imbalance, binary classification (allowed and denied actions) was performed. We propose an adaptation of the Growing Self-Organizing Map (GSOM) for streaming classification. Experiments were conducted in offline and online phases, evaluating three update strategies. The results demonstrate GSOM’s streaming adaptability and potential for classifying firewall logs in data streams.

Published
29/09/2025
GIARINI, Wagner Rafael; DIAS, Herbert Gonçalves; CERRI, Ricardo. Growing Self-Organizing Maps for Firewall Log Classification in Data Streams. In: ENCONTRO NACIONAL DE INTELIGÊNCIA ARTIFICIAL E COMPUTACIONAL (ENIAC), 22., 2025, Fortaleza/CE. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 938-949. ISSN 2763-9061. DOI: https://doi.org/10.5753/eniac.2025.14281.