High-speed discrete content sensitive pattern match algorithm for deep packet filtering

Network security has long been a spotlight that draws increasing attention from all sides of society. Against this backdrop, deep processing of network packets has become an important subject for researchers. Since malicious packets often disguise their sensitive information in one way or another in order to bypass the packet filter, this paper proposes a high-speed discrete content sensitive pattern match algorithm for imperceptible deep packet filtering. The filter sets up and manages (including lookup and update) a sensitive information database, monitors both packet header and payload at line speed with hardware-based discrete content sensitive pattern match, and then executes the corresponding action. The paper mainly discusses a TCAM (ternary content addressable memory)-based pattern match algorithm as well as the architecture and performance analysis of a packet filtering system based on this algorithm. We present a totally new idea of hardware-based discrete content sensitive pattern match. Based on the result of algorithm evaluation and performance analysis, such a packet filtering system can achieve optimal functionality and efficiency that makes network monitoring much easier to work.