D-FRI-CiscoFirewall: Dynamic Fuzzy Rule Interpolation for Cisco ASA Firewall

摘要

Dynamic fuzzy rule interpolation (D-FRI) enhances the accuracy of sparse rule-based fuzzy reasoning via efficiently exploiting fuzzy rule interpolation to produce dynamic rules. Owing to its adaptive nature in delivering a dynamic rule base, it is particularly useful for those systems which experience frequent changes. Network security is one such area where frequent changes are quite likely due to changing network conditions and traffic. Thus, D-FRI has the potential to offer an optimised and adaptive approach for improving network security. The popular Cisco Adaptive Security Appliance (ASA) Firewall is capable of monitoring and alerting a range of common threats, by baselining the traffic of a network and analysing the statistics of dropped packets. An ASA process yields a large volume of statistical information relating to certain security events. Yet, threat detection is a rudimentary function since additional intelligence is required to automate the extraction of meaningful information for alerting the users. This could be achieved using expensive automated tools offered by a third party, but doing so may unnecessarily expose an organisation to other security threats. This paper takes a different approach, presenting a DFRI-CiscoFirewall in support of automated threat detection for Cisco ASA Firewall. Through utilising threat detection statistics, the approach can customise the detection process according to organisational requirements. It performs the relative analysis of prioritised security events and is able to predict comprehensive security situations while no matching rules are available. In particular, the approach supports the creation of a dynamic rule base, derived from changing network conditions and traffic density. Its efficacy is demonstrated by experimental evaluations.