Artificial Intelligence in Modern Firewalls : Role of Artificial Intelligence in Network Security
Ahmad, Wajeh (2025)
Tietotekniikan DI-ohjelma - Master's Programme in Information Technology
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
Acceptance date
2025-01-29
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202411059900
Abstract
This thesis explores the role and impact of Artificial Intelligence (AI) on the design of modern firewalls, particularly how AI-based methods overcome the limitations of traditional rule-based approaches and enhance overall network security. The research traces the evolution of firewalls over time and highlights the necessity for more advanced security measures. It also outlines the progress of AI, setting the stage for a deep dive into the role of AI in security systems.
The research critically assesses the limitations of conventional firewalls, such as their inability to detect zero-day attacks and their weakness in inspecting encrypted traffic. It investigates how machine learning techniques, such as shallow neural networks or decision trees, can complement network security by aiding the firewall's decision making and automatically classifying network packets. Furthermore, the thesis demonstrates the application of machine learning, normal distribution, clustering and t-plotting in intrusion detection systems, which can facilitate the prevention and/or detection of such malicious attacks.
In addition, the thesis investigates the suitability of Explainable AI (XAI) for explaining AI-based firewall decisions and making them understandable. It also highlights the difficulties and constraints of AI-centric firewalls, such as their need for large datasets, the need to remove biases from such data, and the need to take privacy into account when using these capabilities, motivating further research on robust training methodologies and privacy-preserving approaches. The thesis features two prominent case studies: the Google Chronicle Security Operations Platform and the Darktrace Enterprise Immune System. These case studies show how AI can be put to practical use to improve threat detection, investigation and response.
The thesis concludes by highlighting the significant progress made in integrating AI into contemporary firewalls, so that they can learn proactively against a continuously adapting cyber threat landscape. It suggests further research on refining AI algorithms, investigating reinforcement learning, adding user and entity behavior analytics (UEBA) to the models, and continuing to develop explainable AI models. The findings of this work contribute to a greater understanding of AI-powered network security and offer direction to those looking to develop more resilient firewalls in the future, both in practice and in research.