Fuzzy logic aided intelligent threat detection in CiSCo adaptive security appliance 5500 series firewalls

Nitin Naik, Paul Jenkins, Brian Kerby, Joseph Sloane, Longzhi Yang

Research output: Chapter in Book/Published conference outputConference publication

Abstract

Cisco Adaptive Security Appliance (ASA) 5500 Series Firewall is amongst the most popular and technically advanced for securing organisational networks and systems. One of its most valuable features is its threat detection function which is available on every version of the firewall running a software version of 8.0(2) or higher. Threat detection operates at layers 3 and 4 to determine a baseline for network traffic, analysing packet drop statistics and generating threat reports based on traffic patterns. Despite producing a large volume of statistical information relating to several security events, further effort is required to mine and visually report more significant information and conclude the security status of the network. There are several commercial off-the-shelf tools available to undertake this task, however, they are expensive and may require a cloud subscription. Furthermore, if the information transmitted over the network is sensitive or requires confidentiality, the involvement of a third party or a third-party tool may place organisational security at risk. Therefore, this paper presents a fuzzy logic aided intelligent threat detection solution, which is a cost-free, intuitive and comprehensible solution, enhancing and simplifying the threat detection process for all. In particular, it employs a fuzzy reasoning system based on the threat detection statistics, and presents results/threats through a developed dashboard user interface, for ease of understanding for administrators and users. The paper further demonstrates the successful utilisation of a fuzzy reasoning system for selected and prioritised security events in basic threat detection, although it can be extended to encompass more complex situations, such as complete basic threat detection, advanced threat detection, scanning threat detection, and customised feature based threat detection.

Original languageEnglish
Title of host publication2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings
PublisherIEEE
ISBN (Electronic)9781509060207
DOIs
Publication statusPublished - 12 Oct 2018
Event2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Rio de Janeiro, Brazil
Duration: 8 Jul 201813 Jul 2018

Publication series

NameIEEE International Conference on Fuzzy Systems
Volume2018-July
ISSN (Print)1098-7584

Conference

Conference2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018
Country/TerritoryBrazil
CityRio de Janeiro
Period8/07/1813/07/18

Fingerprint

Dive into the research topics of 'Fuzzy logic aided intelligent threat detection in CiSCo adaptive security appliance 5500 series firewalls'. Together they form a unique fingerprint.

Cite this