SiLK Tools is a suite of network flow tools that network analysts use to detect
intrusions, viruses, worms, and botnets, and to analyze network performance. One tool in
SiLK is tuple filtering, where flows are filtered based on inclusion in a “multi-key” set
(MKset) whose unique members are composite keys whose values are from multiple
fields in a SiLK flow record. We propose and evaluate a more efficient method of
implementing MKset filtering that uses cuckoo hashes, which underlie McHugh et al.’s
cuckoo bag (cubag) suite of MKset SiLK tools. Our solution improves execution time
for filtering with an MKset of size k by a factor of O(log k), and decreases memory
footprints for MKset filtering by 50%. The solution also saves 90% of disk space for
MKset file storage, and adds functionality for transformations such as subnet masking
on flow records during MKset filtering.
Identifier | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:NSHD.ca#10222/13049 |
Date | 25 August 2010 |
Creators | Webb, Aaron |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English |
Detected Language | English |