1,150 research outputs found

    Low-power bloom filter architecture for deep packet inspection

    Bloom filters are frequently used to identify malicious content like viruses in high speed networks. However, architectures proposed to implement Bloom filters are not power efficient. In this letter, we propose a new Bloom filter architecture that exploits the well-known pipelining technique. Through power analysis we show that pipelining can reduce the power consumption of Bloom filters up to 90%, which leads to the energy-efficient implementation of intrusion detection systems. © 2006 IEEE

    Data Leak Detection As a Service: Challenges and Solutions

    We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique – referred to as the fuzzy fingerprint – can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others. We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with a very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework.

    A Bloom Filter-Based Monitoring Station for a Lawful Interception Platform

    Lawful Interception (LI) is a fundamental tool in today's Police investigations. Therefore, it is important to make it as quick and secure as possible, as well as at a reasonable cost per suspect. This makes traffic capture in aggregation links quite attractive, although this implies high wirespeeds which require the use of specific hardware-based architectures. This paper proposes a novel Bloom Filter-based monitoring station architecture for efficient packet capture in aggregation links. With said Bloom filter, we filter out most of the packets in the link and capture only those belonging to lawful interception wiretaps. Next, we present an FPGA-based implementation of said architecture and obtain the maximum capture rate achievable by injecting traffic through four parallel Gigabit Ethernet lines. Finally, we identify the limitations of our current design and suggest the possibility of further extending it to higher wirespeeds. Best Paper Award. The work presented in this paper has been funded by the INDECT project grant number FP7-ICT-218086, and the Spanish CramNet project (grant no. TEC2012-38362-C03-01). European Community's Seventh Framework Progra

    A scalable bloom filter based prefilter and hardware-oriented predispatcher

    Presented in this paper are a scalable bloom filter based prefilter and a hardware-oriented predispatcher pattern matching mechanism for content filtering applications, which are scalable in terms of speed, the number of patterns and the pattern length. The prefilter algorithm is based on a memory efficient multi-hashing data structure called bloom filter. According to the statistics of simulations, the filter ratio can reach up to 60% if the whole engine has been trained well. It has been shown that this engine could enhance the capabilities of general-purpose IDS solutions.

    Fully pipelined bloom filter architecture

    Energy-efficient pipelined bloom filters for network intrusion detection

    This document is made available in accordance with publisher policies. Please cite only the published version using the reference above. Full terms of use are available