Home | english  | Impressum | Datenschutz | Sitemap | KIT

Towards Application of Cuckoo Filters in Network Security Monitoring

Towards Application of Cuckoo Filters in Network Security Monitoring
Autor:

Grashöfer, Jan; Jacob, Florian; Hartenstein, Hannes

Links:
Quelle:

14th International Conference on Network and Service Management (CNSM), Rome, Italy

Datum: Nov. 5 - Nov. 9, 2018

In this paper, we study the feasibility of applying the recently proposed cuckoo filters to improve space efficiency for set membership testing in Network Security Monitoring, focusing on the example of Threat Intelligence matching. We present conceptual insights for the practical application of cuckoo filters and provide a cuckoo filter implementation that allows runtime configuration. To evaluate the practical applicability of cuckoo filters, we integrate our implementation into the Bro Network Security Monitor, compare it to traditional data structures and conduct a brief operational evaluation. We find that cuckoo filters allow remarkable memory savings, while potential performance trade-offs, caused by introducing false positives, have to be carefully evaluated on a case-by-case basis.