Palo Alto 5000 Firewall Classification Pattern Based on Decision Tree and Simulated Firewall Attack

Document Type

Conference Proceeding

Publication Date

5-14-2021

Abstract

In this project, the researchers aim to build a classification model to know the Palo Alto 5000 firewall action pattern. The project first constructed the classification model based on the Classification and Regression Tree (CART) algorithm; then, the researcher will update the decision tree by choosing the best complexity parameter. Then, the researchers also built Random forest and Bagging model, and compare the performances of the models later. The CART classification model performance is excellent; the overall classification accuracy is higher than 99%. Moreover, the research also uses other different algorithms, including bagging and random forest, to increase the reset-both class's precision. Then, the research tries to use the sampling method to deal with the imbalanced class problems and build the classification models again to see whether there is any improvement. Using different sampling methods does not improve the model because of the extremely imbalanced class. Overfitting by using the maximum tree model is a better strategy rather than using sampling methods, since by experimenting, sacrificing the reset-both class is a better strategy. After knowing the model, log data are simulated based on the explanatory data analysis and decision tree. The final result shows 99% of attacked data has been allowed by the firewall.

Publication Title

2021 IEEE 3rd International Conference on Communications, Information System and Computer Engineering, CISCE 2021

First Page Number

592

Last Page Number

600

DOI

10.1109/CISCE52179.2021.9445894

This document is currently not available here.

Share

COinS