Skip to main content

Multiclass Classification of Firewall Log Files Using Shallow Neural Network for Network Security Applications

Part of the Advances in Intelligent Systems and Computing book series (AISC,volume 1397)


Firewalls are essential devices to protect the communication networks by means of filtering out all incoming (and sometimes outgoing) traffic packets. The filtration process is performed by matching the traffic packets against predefined rules aiming to preclude cyber-threats from getting into the network. Accordingly, the firewall system proceeds with either to “allow,” “deny,” or “drop/reset” the incoming packet. Thus, an automated smart actions’ classification process is essential for improved firewall operations. In this paper, we propose an intelligent classification model that can be employed in the firewall systems to produce proper action for every communicated packet by analyzing packet attributes using a shallow neural network (SNN). Specifically, the proposed model employs SNN with 150-neurons at the hidden layer to train and classify the Internet Firewall-2019 (IFW-2019) dataset into three classes, including: “allow, “deny,” and “drop/reset.” The experimental results exhibited our classification model's superiority, scoring an overall accuracy of 98.5% with a cross-entropy loss of 0.022 attained after 381 epochs for the 3-class classifier. Also, the proposed model was evaluated using several other evaluation metrics, including confusion matrix parameters, positive predictive value, true positive rate, harmonic mean, and false positive/negative rates. Eventually, the proposed model outperformed many other recent firewall classification systems in the same area of study.


  • Artificial intelligence (AI)
  • Shallow neural networks (SNN)
  • Network security
  • Supervised learning
  • Firewall device
  • Firewall logs
  • Classification

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   189.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   249.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Q.A. Al-Haija, L. Tawalbeh, Autoregressive modeling and prediction of annual worldwide cybercrimes for cloud environments, in IEEE 10th International Conference on Information and Communication Systems (ICICS), pp. 47–51, 2019

    Google Scholar 

  2. W. Noonan, I. Dubrawsky, Firewall Fundamentals (Pearson Education, 2006)

    Google Scholar 

  3. G. Ranganathan, Real time anomaly detection techniques using pyspark frame work. J. Artif. Intell. 2(01), 20–30 (2020)

    Google Scholar 

  4. P. Karunakaran, Deep Learning Approach to DGA Classification for Effective Cyber Security. J. Ubiquitous Comput. Commun. Technol. (UCCT) 2(04), 203–213 (2020)

    Google Scholar 

  5. Q.A. Al-Haija, S. Zein-Sabatto, An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 9(12), 2152. MDPI (2020).

  6. A. Alrawais, A. Alhothaily, C. Hu, X. Cheng, Fog computing for the Internet of Things: security and privacy issues. IEEE Internet Comput. 21, 34–42 (2017)

    Google Scholar 

  7. R. Mahmoud, T. Yousuf, F. Aloul, I. Zualkernan, Internet of things (IoT) security: current status, challenges, and prospective measures, in Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK; pp. 336–341, 2015

    Google Scholar 

  8. Q.A. Al-Haija, C.D. McCurry, S. Zein-Sabatto, A real time node connectivity algorithm for synchronous cyber physical and IoT network systems, in 2020 SoutheastCon, Raleigh, NC, USA, 2020, pp. 1–8.

  9. E. Ucar, E. Ozhan, The analysis of firewall policy through machine learning and data mining. Wirel. Pers. Commun. 96, 2891–2909 (2017)

    Google Scholar 

  10. G. Caspi, “Introducing deep learning: boosting cybersecurity with an artificial brain. Informa Tech” dark reading. Analytics (2016).

  11. Q.A. Al-Haija, C.D. McCurry, S. Zein-Sabatto, Intelligent self-reliant cyber-attacks detection and classification system for IoT communication using deep convolutional neural network, in Selected Papers from the 12th International Networking Conference. INC 2020. Lecture Notes in Networks and Systems, vol 180 (Springer, 2021)

    Google Scholar 

  12. J. Brownlee, 4 types of classification tasks in machine learning, in Python Machine Learning, Machine Learning Mastery. (2020)

    Google Scholar 

  13. S. Haykin, Neural Networks and Learning Machines, 3rd edn. (Pearson publications, 2009). ISBN-13: 978-0-13-147139-9

    Google Scholar 

  14. C.C. Aggarwal, Machine learning with shallow neural networks. Neural Networks and Deep Learning (Springer, Cham, 2019).

  15. Fei-Fei. CS231n: Convolutional Neural Networks for Visual Recognition. Computer Science, Stanford University (2019). Available online:

  16. J.S. Meneses, Z.R. Chavez, J.G. Rodriguez, Compressed kNN: K-nearest neighbors with data compression. Entropy 21(3), 234 (2019).

  17. Y.Y. Song, Y. Lu, Decision tree methods: applications for classification and prediction. Shanghai Arch Psychiatry 27(2), 130–135. PMID: 26120265; PMCID: PMC4466856. (2015)

    Google Scholar 

  18. B.A. Tama, K.H. Rhee, An extensive empirical evaluation of classifier ensembles for intrusion detection task. Int. J. Comput. Syst. Sci. Eng. 32(2), 149–158 (2017)

    Google Scholar 

  19. A. Ghose, Support vector machine (SVM) tutorial: learning SVMs from examples. Medium: Towards Data Sci. (2017)

    Google Scholar 

  20. R. Garg, Types of classification algorithms. Analytics India Mag. (2018)

    Google Scholar 

  21. F. Ertam, M. Kaya, Classification of firewall log files with multiclass support vector machine, in 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, pp. 1–4 (2019)

    Google Scholar 

  22. UCI. Machine Learning Repository, Internet Firewall Data Set. Center for Machine Learning and Intelligent Systems (2019)

    Google Scholar 

  23. Q.A. Al-Haija, A. Adebanjo, Breast cancer diagnosis in histopathological images using ResNet-50 convolutional neural network, in 2020 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), Vancouver, BC, Canada, 2020, pp. 1–7.

  24. A. Wang, Encode smarter: how to easily integrate categorical encoding into your machine learning pipeline. Feature Labs (2019).

  25. A.I. Pîrîu, M. Leonte, N. Postolachi, D.T. Gavrilut, Optimizing Cleanset Growth by Using Multi-Class Neural Networks, in 2018 20th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) (Timisoara, Romania, 2018), pp. 425–429

    Google Scholar 

  26. A. Banjongkan et al., A comparative study of learning techniques with convolutional neural network based on HPC-workload dataset. Int. J. Mach. Learn. Comput. 10(1) (2020)

    Google Scholar 

  27. S. Allagi, R. Rachh, Analysis of network log data using machine learning,” in IEEE 5th International Conference for Convergence in Technology, India, pp. 1–3 (2019)

    Google Scholar 

  28. Q.A. Al-Haija, M. Smadi, S. Zein-Sabatto, Multi-class weather classification using ResNet-18 CNN for autonomous IoT and CPS applications, in IEEE 7th Annual Conference on Computational Science & Computational Intelligence (CSCI'20), Las Vegas, USA (2020)

    Google Scholar 

  29. K.E. Koech, Cross-entropy loss function. Medium: Towards Data Sci. (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Qasem Abu Al-Haija .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Al-Haija, Q.A., Ishtaiwi, A. (2022). Multiclass Classification of Firewall Log Files Using Shallow Neural Network for Network Security Applications. In: Ranganathan, G., Fernando, X., Shi, F., El Allioui, Y. (eds) Soft Computing for Security Applications . Advances in Intelligent Systems and Computing, vol 1397. Springer, Singapore.

Download citation