Optimizing Firewall Log File Classification with Multilayer Perceptrons

Authors

  • Artitayaporn Rojarath Mahasarakham University, Thailand
  • Nantanee Srisaengchan Nakhon Ratchasima Rajabhat University, Thailand
  • Saisunee Jabjone Nakhon Ratchasima Rajabhat University, Thailand
  • Suda Tipprasert Rajamangala University of Technology Isan, Thailand
  • Olarik Surinta Mahasarakham University, Thailand

Keywords:

Cybersecurity, Feature Selection, Firewall, Imbalanced Data, Intrusion Detection Systems, Neural Network, Multiclass Classification

Abstract

Cyber threats remain a major concern for network security and data integrity, often causing serious consequences through unauthorized access, data breaches, and malware attacks. Intrusion detection systems are essential for countering these risks by continuously monitoring and classifying network activities. This study investigates the use of multilayer perceptrons (MLPs) to optimize firewall log file classification and improve the identification of network events. Four activation functions (Linear, Sigmoid, Tanh, and ReLU) were examined to determine the optimal configuration. The MLP model consistently achieved high performance, with accuracy exceeding 99%, and the ReLU activation function demonstrated superior effectiveness. The synthetic minority oversampling technique was applied to handle class imbalance in the firewall log dataset, improving the detection accuracy of the minority reset-both class. Moreover, feature selection using XGBoost reduced the input set from eleven to five key attributes, achieving 99.84% accuracy and improving computational efficiency. Experimental evaluations confirmed that the proposed model effectively recognizes complex nonlinear relationships in network data. These results demonstrate the potential of MLPs to enhance the accuracy, efficiency, and robustness of firewall log file classification for modern intrusion detection systems.

Published

2026-07-01

How to Cite

Rojarath, A., Srisaengchan, N., Jabjone, S., Tipprasert, S., & Surinta, O. (2026). Optimizing Firewall Log File Classification with Multilayer Perceptrons. Engineering Access, 12(2), 208–226. Retrieved from https://ph02.tci-thaijo.org/index.php/mijet/article/view/256673

Issue

Section

Research Papers