PIMRC
2008
IEEE

Increasing SIP firewall performance by ruleset size limitation

Abstract— To protect SIP communication networks from attacks, especially flooding attacks like Denial-of-Service or message spam, Intrusion Detection Systems (IDS) are deployed at the ingress point of the network to filter potentially malicious traffic. A key issue of IDS performance is the operation of its firewall to block malicious user requests. Depending on the complexity of the firewall ruleset, filtering performance of the IDS can decrease considerably during high-load flooding situations. In this paper we propose a scheme to increase IDS firewall performance by merging several similar rules into more general ones and ignoring less relevant rules to limit the number of firewall rules. We formalise a mathematical model to compute new firewall rules and show by example, with traffic from SIP VoIP communication networks, how the calculation can be performed. If applied to a VoIP IDS, the scheme can increase firewall throughput considerably, while retaining most of its eff...
Sven Ehlert, Ge Zhang, Thomas Magedanz
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where PIMRC
Authors Sven Ehlert, Ge Zhang, Thomas Magedanz