PACKET PROCESSING SYSTEM FOR NETWORK BASED DATA LOSS PREVENTION CAPABLE OF DISTRIBUTED PROCESSING DEPENDING ON APPLICATION PROTOCOL AND METHOD THEREOF

摘要

PURPOSE: A network-based NDLP packet processing system providing a distribution processing function by application protocols and a method thereof are provided to guarantee the delicate and flexible preprocessing of packets. CONSTITUTION: A packet processing system (10) includes a hardware engine (130) and a software engine (210). The hardware engine selects an upload packet from an input packet by performing pattern matching and session-based filtering to an input packet. The hardware engine identifies a primary application protocol and adds primary identification data about the protocol. The software engine includes a plurality of objects for different application protocols. The software engine identifies a secondary application protocol for a packet to which the primary identification data is added by using an object for an application protocol corresponding to the primary identification data when receiving the packet and distributes the packet. [Reference numerals] (110) Two ports; (120) Ethernet controller; (130) First analysis engine; (131) MCP logic; (132) Memory; (140) PCI bridge; (210) Second analysis engine; (210_1) First object; (210_n) Second object; (220) Log DB; (230) Signature/policy DB; (240) Packet driver; (AA) Application program level; (BB) Kernel level; (C1) Channel #1; (C2) Channel #n