KIT | KIT-Bibliothek | Impressum | Datenschutz

Towards Application of Cuckoo Filters in Network Security Monitoring

Grashöfer, Jan; Jacob, Florian ORCID iD icon; Hartenstein, Hannes


In this paper, we study the feasibility of applying the recently proposed cuckoo filters to improve space efficiency for set membership testing in Network Security Monitoring, focusing on the example of Threat Intelligence matching. We present conceptual insights for the practical application of cuckoo filters and provide a cuckoo filter implementation that allows runtime configuration. To evaluate the practical applicability of cuckoo filters, we integrate our implementation into the Bro Network Security Monitor, compare it to traditional data structures and conduct a brief operational evaluation. We find that cuckoo filters allow remarkable memory savings, while potential performance trade-offs, caused by introducing false positives, have to be carefully evaluated on a case-by-case basis.

Postprint §
DOI: 10.5445/IR/1000089165
Veröffentlicht am 08.01.2019
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsdatum 24.12.2018
Sprache Englisch
Identifikator ISBN: 978-3-9031-7614-0
KITopen-ID: 1000089165
Erschienen in 14th International Conference on Network and Service Management (CNSM), Rome, Italy, Nov. 5 - Nov. 9, 2018
Veranstaltung 14th International Conference on Network and Service Management (2018), Rom, Italien, 05.11.2018 – 09.11.2018
Verlag Institute of Electrical and Electronics Engineers (IEEE)
Seiten 373-377
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page