COLLABORATIVE DEEP PACKET INSPECTION SYSTEMS AND METHODS

摘要

A system for collaborative deep packet inspection in a network uses a coarse grain mechanism to perform deep packet inspection on sample packets sampled from a plurality of traffic flows received at a network device using a plurality of signatures and develop a profile of the network and a fine grain mechanism to perform real-time inspection of a traffic flow against a small set of the signatures that is updated based on the profile. The fine grain mechanism further enables at least one policy action to be applied to a traffic flow when the traffic flow matches one of the signatures in the set of signatures.

主权项

1. A network device, comprising:
at least one port coupled to a network to receive a plurality of traffic flows, each including a plurality of packets; a memory maintaining a set of signatures; a processor for receiving sample packets sampled from the plurality of traffic flows and performing deep packet inspection on the sample packets against a plurality of signatures to develop a profile of the network, the profile indicating network activity within the network, the processor further for enabling the set of signatures to be updated based on the profile, the set of signatures including less than all of the plurality of signatures; and a signature matching engine for receiving a traffic flow of the plurality of traffic flows and inspecting the traffic flow in real-time by comparing the traffic flow with each signature in the set of signatures, the signature matching engine further for determining whether the traffic flow matches one of the signatures in the set of signatures and enabling at least one policy action to be applied to the traffic flow when the traffic flow matches one of the signatures in the set of signatures.