Towards Application of Cuckoo Filters in Network Security Monitoring
Grashöfer, Jan; Jacob, Florian
; Hartenstein, Hannes
; Hartenstein, HannesAbstract:
In this paper, we study the feasibility of applying the recently proposed cuckoo filters to improve space efficiency for set membership testing in Network Security Monitoring, focusing on the example of Threat Intelligence matching. We present conceptual insights for the practical application of cuckoo filters and provide a cuckoo filter implementation that allows runtime configuration. To evaluate the practical applicability of cuckoo filters, we integrate our implementation into the Bro Network Security Monitor, compare it to traditional data structures and conduct a brief operational evaluation. We find that cuckoo filters allow remarkable memory savings, while potential performance trade-offs, caused by introducing false positives, have to be carefully evaluated on a case-by-case basis.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 24.12.2018 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-3-9031-7614-0 urn:nbn:de:swb:90-891656 KITopen-ID: 1000089165 |
| Erschienen in | 14th International Conference on Network and Service Management (CNSM), Rome, Italy, Nov. 5 - Nov. 9, 2018 |
| Veranstaltung | 14th International Conference on Network and Service Management (CNSM 2018), Rom, Italien, 05.11.2018 – 09.11.2018 |
| Verlag | Institute of Electrical and Electronics Engineers (IEEE) |
| Seiten | 373-377 |