Anomaly Detection using Generative Adversarial Networks on Firewall Log Message Data

Firewalls produce a lot of log messages while logging internet traffic through the system that they are protecting. This is a huge amount of data that can be used to find various insights. One of these insights knows if a malware attack has taken place. We treat this sequence of log messages as time series data. In this paper, we propose a Generative Adversarial Network (GAN) model based on Recurrent Neural Networks (RNN) that learns the normal behavior of the firewall, the complex spatio-temporal correlations in the data. We then apply anomaly detection techniques to detect an anomaly which can potentially be a malware.