Data analysis of firewall logs through machine learning

RAIMONDI, MARCELLO
2022/2023

Abstract

Machine learning has been on the rise over the last decade, thanks to its ability to analyze huge data sets and find previously unseen patterns in them. In particular, the logs produced by the hardware devices in a network hold a vast amount of information that, if retrieved, can give valuable insight into the wellbeing of the network itself. Because of the high volume of logs any network creates daily, that information is watered down by useless, redundant or impractical data when someone wants to check on it. While this task was previously performed painstakingly by a human, and only after a problem had occurred, this thesis proposes a machine learning based solution that takes a subset of logs as input and outputs the likelihood that the network is behaving anomalously. Because the analysis is conducted in real time, a human operator can be notified of a possible anomaly in the system so that it can be swiftly taken care of. Such a feature is vital when the network is offered by a service provider that needs to keep its facility running smoothly.
2022
Data analysis
Firewall
Machine Learning
Files in this item:
File: Raimondi_Marcello.pdf (restricted access)
Size: 1.34 MB
Format: Adobe PDF

The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12608/55265