Firewalls are critical components in securing communication networks: they screen all incoming (and often outgoing) packets by comparing each one against a set of rules that decide which traffic may enter or leave the network. To regulate that flow, an Internet firewall keeps a log of all the traffic it handles. While the primary function of log files is to aid in troubleshooting and diagnostics, the information they contain is also highly relevant to system audits and forensics. The firewall's primary function is to stop malicious packets from reaching their destination. In order to defend better against cyberattacks and to understand when and how malicious actions affect the network, it is necessary to examine these log files. For each packet, the firewall decides whether to 'allow', 'deny', 'drop', or 'reset-both' it, and that decision is recorded in the log. In this research, we apply several classification algorithms to the data logged by a firewall device in order to predict this action. Classifier performance is compared using the F1 score (the harmonic mean of precision and recall) and recall (also called sensitivity); the random forest technique achieved a 99% accuracy score. The proposed features contributed significantly to improving the firewall-log classification rate, as shown by the high accuracy rates obtained by the other methods as well.
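As an added example (not code from the paper or its authors), the following Python computes the metrics the abstract names for the four firewall actions over a constructed, 'allow'-heavy sample of true and predicted actions. It contrasts a majority-class baseline with a hypothetical model to show why accuracy alone is not enough on imbalanced firewall logs: the baseline scores 90% accuracy while never predicting deny, drop or reset-both. The confusion counts are constructed for illustration and are not results from the paper or from any real dataset.

```python
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# The four firewall actions the abstract lists as the class labels.
ACTIONS = ("allow", "deny", "drop", "reset-both")

# Constructed counts of (true action, predicted action) for a 100-record log
# sample, skewed towards "allow" the way real firewall logs usually are.
# Illustrative numbers only, not results from the paper or any dataset.
MODEL_CONFUSION: Dict[Tuple[str, str], int] = {
    ("allow", "allow"): 88, ("allow", "deny"): 2,
    ("deny", "deny"): 4, ("deny", "drop"): 1,
    ("drop", "drop"): 3,
    ("reset-both", "reset-both"): 1, ("reset-both", "drop"): 1,
}


def expand(counts: Dict[Tuple[str, str], int]) -> Tuple[List[str], List[str]]:
    """Turn (true, predicted) counts into parallel label lists."""
    y_true: List[str] = []
    y_pred: List[str] = []
    for (true, pred), n in counts.items():
        y_true.extend([true] * n)
        y_pred.extend([pred] * n)
    return y_true, y_pred


def majority_baseline(y_true: Sequence[str]) -> List[str]:
    """Predict the most frequent action for every record."""
    majority, _ = Counter(y_true).most_common(1)[0]
    return [majority] * len(y_true)


def confusion_matrix(y_true: Sequence[str], y_pred: Sequence[str],
                     labels: Sequence[str] = ACTIONS) -> Dict[str, Dict[str, int]]:
    """cm[true][pred] = number of records with that true/predicted pair."""
    cm = {t: {p: 0 for p in labels} for t in labels}
    for true, pred in zip(y_true, y_pred):
        cm[true][pred] += 1
    return cm


def per_class_metrics(cm: Dict[str, Dict[str, int]],
                      labels: Sequence[str] = ACTIONS) -> Dict[str, Dict[str, float]]:
    """Precision, recall (sensitivity) and F1 per action, one-vs-rest."""
    out = {}
    for c in labels:
        tp = cm[c][c]
        fn = sum(cm[c][p] for p in labels if p != c)   # c mis-predicted as other
        fp = sum(cm[t][c] for t in labels if t != c)   # other predicted as c
        precision = tp / (tp + fp) if tp + fp else 0.0  # 0 when never predicted
        recall = tp / (tp + fn) if tp + fn else 0.0     # recall == sensitivity
        f1 = (2 * precision * recall / (precision + recall)
              if precision + recall else 0.0)           # harmonic mean
        out[c] = {"precision": precision, "recall": recall, "f1": f1}
    return out


def accuracy(cm: Dict[str, Dict[str, int]], labels: Sequence[str] = ACTIONS) -> float:
    total = sum(cm[t][p] for t in labels for p in labels)
    correct = sum(cm[c][c] for c in labels)
    return correct / total if total else 0.0


def macro_f1(metrics: Dict[str, Dict[str, float]]) -> float:
    """Unweighted mean of per-class F1, so minority classes count equally."""
    return sum(m["f1"] for m in metrics.values()) / len(metrics)


def evaluate(y_true: Sequence[str], y_pred: Sequence[str]) -> Dict[str, object]:
    cm = confusion_matrix(y_true, y_pred)
    per_class = per_class_metrics(cm)
    return {"accuracy": accuracy(cm), "macro_f1": macro_f1(per_class),
            "per_class": per_class}


if __name__ == "__main__":
    y_true, y_pred = expand(MODEL_CONFUSION)
    for name, preds in (("majority baseline", majority_baseline(y_true)),
                        ("hypothetical model", y_pred)):
        r = evaluate(y_true, preds)
        print(f"{name}: accuracy={r['accuracy']:.2f} macro-F1={r['macro_f1']:.2f}")
        for action, m in r["per_class"].items():
            print(f"  {action:<11} P={m['precision']:.2f} "
                  f"R={m['recall']:.2f} F1={m['f1']:.2f}")
```

Running it shows the baseline at accuracy 0.90 with macro-F1 0.24 (F1 of 0 for every action it never predicts), while the hypothetical model reaches accuracy 0.96 and macro-F1 0.78. When reproducing a headline accuracy figure on firewall logs, report per-class recall and F1 alongside it, since the rare deny/drop/reset-both records are the ones that matter for audit and forensics.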