A Stateful Bloom Filter for Per-Flow State Monitoring

Per-flow connection state monitoring is crucial for detecting malicious traffic or anomalies in networks. The monitoring is extremely challenging in high-speed networks, and would involve high computation and memory costs. We propose a novel stateful Bloom filter (stateBF) to enable a highly compact, low-overhead, and accurate flow-state storage service for the monitoring of the per-flow connection states. Unlike the standard Bloom filter and its various extensions, we design a special cell-based data structure for stateBF instead of bit array to track both the state value and the number of times the same state value is inserted to stateBF. We further design four stateBF operations for advanced flow-state management. To enable efficient stateBF operations, they are designed to be bitwise for the simple implementation. We have done extensive simulations with data traces from public MAWI and from a university campus. Our performance results demonstrate that stateBF can support per-flow state storage services in high speed networks with low storage space, and high querying speed and accuracy.