主权项 |
1. A system for performing deep packet inspection of data packets, the system comprising at least one processor configured to:
receive a plurality of data packets to be forwarded; and select one or more of the plurality of data packets based at least in part on a first set of rules for deep packet inspection, by inspecting a predetermined sequence of bits at a predetermined offset of each of the plurality of data packets; perform deep packet inspection on the selected one or more data packets to determine whether the selected one or more data packets are allowed for forwarding, according to a second set of rules that are based on
(i) characters in the selected one or more data packets matching a predetermined pattern,(ii) strings in the selected one or more data packets matching a predetermined pattern,(iii) cardinality of a group consisting of the selected one or more data packets, wherein the cardinality represents how many packets are in the group,(iv) behavioral and statistical analyses of the selected one or more data packets to identify a virus or analyze network traffic, and(v) existence, from among the selected one or more data packets, a plurality of consecutive data packets that together contain a particular sequence of actions that indicates a particular application or network entity; discard the selected one or more data packets in response to determining, based on the deep packet inspection, that the selected one or more data packets are not allowed for forwarding; forward the selected one or more data packets in response to determining, based on the deep packet inspection, that the selected data packets are allowed for forwarding; and wherein the receiving, the selecting, the discarding and the forwarding are performed by a packet forwarding component; and wherein the deep packet inspection is performed by a virtual machine component. |