• DocumentCode
    1717092
  • Title

    Increasing SIP firewall performance by ruleset size limitation

  • Author

    Ehlert, Sven ; Zhang, Ge ; Magedanz, Thomas

  • Author_Institution
    Fraunhofer FOKUS, Berlin
  • fYear
    2008
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    To protect SIP communication networks from attacks, especially flooding attacks like denial-of-service or message spam, intrusion detection systems (IDS) are deployed at the ingress point of the network to filter potential malicious traffic. A key issue of IDS performance is the operation of its firewall to block malicious user requests. Depending on the complexity of the firewall ruleset, filtering performance of the IDS can decrease considerably during high-load flooding situations. In this paper we propose a scheme to increase IDS firewall performance by merging several similar rules into more general ones and ignoring lesser relevant rules to limit the number of firewall rules. We formalise a mathematical model to compute new firewall rules and show exemplary with traffic from SIP VoIP communication networks how the calculation can be performed. If applied to a VoIP IDS, the scheme can increase firewall thoughput considerably, while retaining most of its effectiveness.
  • Keywords
    Internet telephony; computer networks; security of data; signalling protocols; unsolicited e-mail; SIP VoIP communication networks; SIP communication networks; SIP firewall performance; denial-of-service; firewall ruleset; flooding attacks; intrusion detection systems; malicious traffic filter; message spam; ruleset size limitation; session initiation protocol; Communication networks; Computer crime; Filtering; Filters; Floods; Intrusion detection; Mathematical model; Merging; Protection; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Personal, Indoor and Mobile Radio Communications, 2008. PIMRC 2008. IEEE 19th International Symposium on
  • Conference_Location
    Cannes
  • Print_ISBN
    978-1-4244-2643-0
  • Electronic_ISBN
    978-1-4244-2644-7
  • Type

    conf

  • DOI
    10.1109/PIMRC.2008.4699868
  • Filename
    4699868