Optimizing Firewall Log File Classification with Multilayer Perceptrons
Keywords:
Cybersecurity, Feature Selection, Firewall, Imbalanced Data, Intrusion Detection Systems, Neural Network, Multiclass Classification
Abstract
Cyber threats remain a major concern for network security and data integrity, often causing serious consequences through unauthorized access, data breaches, and malware attacks. Intrusion detection systems are essential for countering these risks by continuously monitoring and classifying network activities. This study investigates the use of multilayer perceptrons (MLPs) to optimize firewall log file classification and improve the identification of network events. Four activation functions (Linear, Sigmoid, Tanh, and ReLU) were examined to determine the optimal configuration. The MLP model consistently achieved high performance, with accuracy exceeding 99%, and the ReLU activation function demonstrated superior effectiveness. The synthetic minority oversampling technique was applied to handle class imbalance in the firewall log dataset, improving the detection accuracy of the minority reset-both class. Moreover, feature selection using XGBoost reduced the input set from eleven to five key attributes, achieving 99.84% accuracy and improving computational efficiency. Experimental evaluations confirmed that the proposed model effectively recognizes complex nonlinear relationships in network data. These results demonstrate the potential of MLPs to enhance the accuracy, efficiency, and robustness of firewall log file classification for modern intrusion detection systems.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.





