Title :
Increasing SIP firewall performance by ruleset size limitation
Author :
Ehlert, Sven ; Zhang, Ge ; Magedanz, Thomas
Author_Institution :
Fraunhofer FOKUS, Berlin
Abstract :
To protect SIP communication networks from attacks, especially flooding attacks such as denial-of-service or message spam, intrusion detection systems (IDS) are deployed at the ingress point of the network to filter potentially malicious traffic. A key issue for IDS performance is the operation of its firewall to block malicious user requests. Depending on the complexity of the firewall ruleset, the filtering performance of the IDS can decrease considerably during high-load flooding situations. In this paper we propose a scheme to increase IDS firewall performance by merging several similar rules into more general ones and ignoring less relevant rules, thereby limiting the number of firewall rules. We formalise a mathematical model to compute the new firewall rules and show, using example traffic from SIP VoIP communication networks, how the calculation can be performed. If applied to a VoIP IDS, the scheme can increase firewall throughput considerably while retaining most of its effectiveness.
Keywords :
Internet telephony; computer networks; security of data; signalling protocols; unsolicited e-mail; SIP VoIP communication networks; SIP communication networks; SIP firewall performance; denial-of-service; firewall ruleset; flooding attacks; intrusion detection systems; malicious traffic filter; message spam; ruleset size limitation; session initiation protocol; Communication networks; Computer crime; Filtering; Filters; Floods; Intrusion detection; Mathematical model; Merging; Protection; Telecommunication traffic;
Conference_Title :
Personal, Indoor and Mobile Radio Communications, 2008. PIMRC 2008. IEEE 19th International Symposium on
Conference_Location :
Cannes
Print_ISBN :
978-1-4244-2643-0
Electronic_ISBN :
978-1-4244-2644-7
DOI :
10.1109/PIMRC.2008.4699868