Machine Learning in Network Anomaly Detection 2023
Goal
This project aims to define, identify and analyze the best machine learning algorithms as options for the customer's Next-Generation Firewall (NGFW). The goals are divided into different areas, and the MoSCoW method will be used to prioritize the activities and to decide where an algorithm could best be applied across network health, application health and network security. The main goal of this project is anomaly detection using machine learning algorithms within network health. Within network health, our team will focus on memory overflows and other memory anomalies.
Methodology
When comparing the different algorithm options, a Support Vector Machine (SVM) was deployed to check whether a certain threshold was met in order to flag an observation as an anomaly. Given the data provided, the SVM was a solid option, since memory allocation could serve as the reference value for the algorithm to check. This type of supervised learning can be applied to NGFWs because the datasets are already known. In the training phase the algorithm is fed with data, and the results depend on labelling performed by a script, so that the ML algorithm can check whether each dataset is flagged as bad or good. Other ML algorithms that were analysed included Decision Tree, Naive Bayes and Logistic Regression. Our analysis is based mostly on comparing the accuracy of each algorithm.
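The following is an added example, not code from the project described above. It shows the supervised workflow the methodology outlines: a script-style labelling rule marks memory samples as bad or good, a linear SVM (trained by stochastic gradient descent on the hinge loss) learns the threshold at which a sample is flagged, and Logistic Regression is trained on the same split so the two can be compared on accuracy. Because anomaly classes are small, the evaluation also reports precision and recall for the anomaly class, which accuracy alone hides. The feature names (resident memory in MB, allocation growth in MB/s), the limits in the labelling rule and the sample data are constructed assumptions, not figures from the project.

```python
"""Added example, not the project's own code: a linear SVM (hinge-loss SGD)
and a logistic-regression baseline trained on a constructed memory-usage
dataset, then compared on accuracy plus precision/recall. Feature names,
limits and the labelling rule are assumptions chosen for illustration."""
import math
import random


def make_samples(n_normal=80, n_anomaly=40, seed=7):
    """Constructed samples: (resident memory in MB, allocation growth in MB/s)."""
    rng = random.Random(seed)
    normal = [(rng.uniform(200, 600), rng.uniform(-5, 5)) for _ in range(n_normal)]
    anomaly = [(rng.uniform(850, 1200), rng.uniform(20, 80)) for _ in range(n_anomaly)]
    samples = normal + anomaly
    rng.shuffle(samples)
    return samples


def label(sample, mem_limit=800.0, growth_limit=15.0):
    """Stand-in for the labelling script: +1 = bad (anomaly), -1 = good.
    The limits are assumed values, not figures from the project."""
    mem, growth = sample
    return 1 if mem > mem_limit or growth > growth_limit else -1


def features(sample):
    """Scale to comparable ranges and append a constant 1.0 so the bias is a weight."""
    mem, growth = sample
    return (mem / 1000.0, growth / 100.0, 1.0)


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def train_svm(xs, ys, lam=0.01, lr=0.1, epochs=100, seed=0):
    """Linear SVM: stochastic gradient descent on the L2-regularised hinge loss."""
    rng = random.Random(seed)
    w = [0.0] * len(xs[0])
    order = list(range(len(xs)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            x, y = xs[i], ys[i]
            if y * dot(w, x) < 1:  # margin violated: hinge sub-gradient plus regulariser
                w = [wj - lr * (lam * wj - y * xj) for wj, xj in zip(w, x)]
            else:  # margin satisfied: only the regulariser pulls on w
                w = [wj - lr * lam * wj for wj in w]
    return w


def train_logreg(xs, ys, lr=0.5, epochs=300):
    """Logistic regression: batch gradient descent on the cross-entropy loss."""
    w = [0.0] * len(xs[0])
    n = len(xs)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(xs, ys):
            p = 1.0 / (1.0 + math.exp(-dot(w, x)))
            err = p - (1.0 if y == 1 else 0.0)
            grad = [g + err * xj for g, xj in zip(grad, x)]
        w = [wj - lr * g / n for wj, g in zip(w, grad)]
    return w


def predict(w, x):
    """Decision threshold at 0: a positive score flags the sample as an anomaly."""
    return 1 if dot(w, x) > 0 else -1


def evaluate(w, xs, ys):
    """Accuracy alone hides missed anomalies, so report precision and recall too."""
    tp = fp = fn = correct = 0
    for x, y in zip(xs, ys):
        yhat = predict(w, x)
        correct += yhat == y
        tp += yhat == 1 and y == 1
        fp += yhat == 1 and y == -1
        fn += yhat == -1 and y == 1
    return {"accuracy": correct / len(xs),
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}


def compare(seed=7, holdout=0.3):
    """Train both models on the same split and return their held-out metrics."""
    samples = make_samples(seed=seed)
    xs = [features(s) for s in samples]
    ys = [label(s) for s in samples]
    cut = int(len(xs) * (1 - holdout))
    results = {}
    for name, trainer in (("svm", train_svm), ("logreg", train_logreg)):
        w = trainer(xs[:cut], ys[:cut])
        results[name] = evaluate(w, xs[cut:], ys[cut:])
    return results


if __name__ == "__main__":
    for name, metrics in compare().items():
        print(name, {k: round(v, 3) for k, v in metrics.items()})
```

Both models share the same labelled split, so the comparison is like-for-like; the label function is the only place where the "bad"/"good" decision is encoded, which is where a real labelling script would plug in. Because the constructed clusters are widely separated, both classifiers score near 1.0 here; on real NGFW telemetry the precision and recall columns are the ones that reveal whether a model is quietly missing memory anomalies while its accuracy still looks good.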