KIT | KIT-Bibliothek | Impressum | Datenschutz
Open Access Logo
§
Postprint
DOI: 10.5445/IR/1000089165
Veröffentlicht am 08.01.2019

Towards Application of Cuckoo Filters in Network Security Monitoring

Grashöfer, Jan; Jacob, Florian; Hartenstein, Hannes

Abstract:
In this paper, we study the feasibility of applying the recently proposed cuckoo filters to improve space efficiency for set membership testing in Network Security Monitoring, focusing on the example of Threat Intelligence matching. We present conceptual insights for the practical application of cuckoo filters and provide a cuckoo filter implementation that allows runtime configuration. To evaluate the practical applicability of cuckoo filters, we integrate our implementation into the Bro Network Security Monitor, compare it to traditional data structures and conduct a brief operational evaluation. We find that cuckoo filters allow remarkable memory savings, while potential performance trade-offs, caused by introducing false positives, have to be carefully evaluated on a case-by-case basis.


Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Jahr 2018
Sprache Englisch
Identifikator ISBN: 978-3-9031-7614-0
URN: urn:nbn:de:swb:90-891656
KITopen-ID: 1000089165
Erschienen in 14th International Conference on Network and Service Management (CNSM), Rome, Italy, Nov. 5 - Nov. 9, 2018
Veranstaltung 14th International Conference on Network and Service Management (2018), Rom, Italien, 05.11.2018 – 09.11.2018
Verlag IEEE, Piscataway, NJ
Seiten 373-377
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft KITopen Landing Page