ASIC design and implementation for VoIP intrusion prevention system

Abstract

With the growing of Internet, voice over IP (VoIP) becomes more popular telephony application. VoIP is an Internet protocol, which is used for voice transmission over Internet. The main advantages of VoIP are low calling expense, low construction cost, easy scalability, and good voice quality. McAfee Labs pointed out that VoIP technology is still very progressive, but VoIP defense strategies are lagging far behind. Therefore, VoIP attack is a very serious problem. Voice over IP Security Alliance (VOIPSA) proposed that Intrusion Detection/ Prevention Systems are useful to find unusual behaviour from VoIP traffic. In this paper, the ASIC design and implementation for VoIP Intrusion Prevention System (IPS) with hierarchical architecture of Statistical Anomaly-based Detection (SAD) and Stateful Protocol Anomaly Detection (SPAD) modules is proposed. SAD is used to offload SPAD loading to increase VoIP IPS processing performance. And Profile Analysis (PA) module is proposed to decrease SAD false positive ratio by updating SAD profile threshold based on SPAD results. If attack traffic is 10% of all traffic, the processing speed of VoIP IPS system will increases 8.89% than the system without SAD module. And 60% attack traffic will increase about 50% processing speed. VoIP IPS throughput can achieve up to 2.66Gbps.