Prediction of TCP Firewall Action Using Different Machine Learning Models

In today's world, the issues associated with network security have increased by a tremendous amount. For instance, cyber-attacks during different types of network transmissions are one of the major problems associated with security. A Firewall can be used to provide protection against unauthorized traffic during these transmissions. Our proposed solution uses several different machine learning techniques to predict the TCP firewall action on the basis of the transmission characterisitics of the TCP model. The main idea is to study different features of a TCP transmission like Source Port, Destination Port, Elapsed Time (in seconds), NAT Source Port, NAT Destination Port. Based on the analysis performed on these features, the TCP firewall action will be classified into one of the four categories. These categories are: Allow, Deny, Drop, Reset-Both. In this project, nine different machine learning models have been trained using an available dataset. The dataset used has over 65000 rows, where each row represents a TCP transmission. Each TCP transmission has been described by around 11 different features. A few examples of machine learning models that have been used include: Decision Tree Classifier, Random Forest Classifier, XGBoost Model, and Gradient Boosting Model.