Classification of Firewall Log Files with Multiclass Support Vector Machine

It is very important to analyze the logs on the Firewall devices and control the internet traffic according to these analysis results. In this study, some logs obtained with the Firewall Device used at Firat University are classified using multiclass support vector machine (SVM) classifier. Linear, polynomial, sigmoid and Radial Basis Function (RBF) functions are used as the activation function for SVM classification. In order to measure the performance of the classifier, the comparison was made by finding the measurement values of sensitivity, recall and their harmonic mean F-1 Score. In this study, 65532 instances have been examined using 11 features. The feature that characterizes any personal data in the selected data has not been used. The Action attribute is selected as the class from these attributes. The "allow", "deny", "drop" and "reset-both" parameters have been implemented for the Action class. Activation functions have been tried and the SVM responses have been evaluated so as to obtain the maximum recall and precision values in the SVM classifier. It was tried to obtain the best activation function for F-1 score value. Receiver Operating Characteristic (ROC) curves were also created for each of the classes. At the end of the study, the activation functions from which the desired SVM responses are obtained are given by comparison.