With the increasing volume of network traffic and the emergence of new types of attacks, traditional network monitoring is facing significant challenges in ensuring network security and performance. In-network monitoring (INM) systems based on programmable switches, i.e., P4-based INM systems, have emerged as a more promising approach for high-performance and real-time network monitoring. However, existing P4-based INM systems have resource limitations in handling diverse and high-volume INM tasks such as multi-vector DDoS defenses. Worse still, attackers may try to dynamically change attack vectors to disrupt inadaptable systems and even lead to denial-of-service (DoS) attacks against INM.
To address these challenges, we present Cerberus, an efficient and effective in-network security monitoring system. To support various INM tasks, we abstract them into key-feature (K-F) pairs and design a novel \emph{memory slicing} mechanism to share memory among multiple K-F pairs. To handle high-volume traffic, we propose a new co-monitoring mechanism that complements the data and control planes, thereby greatly enhancing the efficiency of Cerberus. To adapt to changing network conditions, we design a new resource manager that dynamically reallocates resources for INM tasks and adjusts loads for the data and control planes without interrupting running services.