US Patent No. 9,288,159

SYSTEMS AND METHODS FOR DEEP PACKET INSPECTION WITH A VIRTUAL MACHINE


Patent No.: 9,288,159
Issue Date: March 15, 2016
Title: Systems And Methods For Deep Packet Inspection With A Virtual Machine
Inventorship:
Gad Hutt, Sunnyvale, CA (US)
Michael Orr, Sunnyvale, CA (US)
Ronen Tausi, Raanana (IL)
Vitaly Vovnoboy, Karney Shomron (IL)
Assignee: Marvell World Trade Ltd., St. Michael (BB)

Claim of US Patent No. 9,288,159

1. A system for performing deep packet inspection of data packets, the system comprising at least one processor configured to:

receive a plurality of data packets to be forwarded; and

select one or more of the plurality of data packets based at least in part on a first set of rules for deep packet inspection, by inspecting a predetermined sequence of bits at a predetermined offset of each of the plurality of data packets;

perform deep packet inspection on the selected one or more data packets to determine whether the selected one or more data packets are allowed for forwarding, according to a second set of rules that are based on

(i) characters in the selected one or more data packets matching a predetermined pattern,

(ii) strings in the selected one or more data packets matching a predetermined pattern,

(iii) cardinality of a group consisting of the selected one or more data packets, wherein the cardinality represents how many packets are in the group,

(iv) behavioral and statistical analyses of the selected one or more data packets to identify a virus or analyze network traffic, and

(v) existence, from among the selected one or more data packets, a plurality of consecutive data packets that together contain a particular sequence of actions that indicates a particular application or network entity;

discard the selected one or more data packets in response to determining, based on the deep packet inspection, that the selected one or more data packets are not allowed for forwarding;

forward the selected one or more data packets in response to determining, based on the deep packet inspection, that the selected data packets are allowed for forwarding; and

wherein the receiving, the selecting, the discarding and the forwarding are performed by a packet forwarding component; and

wherein the deep packet inspection is performed by a virtual machine component.
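
The two-stage split described in the claim, sketched as an added example that is not taken from the patent or from any Marvell implementation: a cheap fixed-offset selector on the forwarding path and a separate inspection function applying a string rule (ii) and a cardinality rule (iii) only. Assumptions: the toy packet layout (6-byte header with a 2-byte tag at offset 4), the pattern, the group limit, byte rather than bit granularity, and that unselected packets are forwarded without inspection.

```python
import re
from dataclasses import dataclass

HEADER_LEN = 6                                   # constructed toy header size
BLOCK_PATTERN = re.compile(rb"X-Blocked-Marker: \w+")  # constructed string rule
MAX_GROUP = 3                                    # constructed cardinality limit


@dataclass(frozen=True)
class SelectRule:
    """First-stage rule: fixed bytes at a fixed offset (hypothetical values)."""
    offset: int
    value: bytes

    def matches(self, pkt: bytes) -> bool:
        # Slicing past the end yields a shorter result, so short packets never match.
        return pkt[self.offset:self.offset + len(self.value)] == self.value


def inspect(group):
    """Second stage (the inspection component's role): True if the group is allowed."""
    if len(group) > MAX_GROUP:                   # cardinality of the selected group
        return False
    # Join payloads so a string split across consecutive packets is still seen.
    stream = b"".join(p[HEADER_LEN:] for p in group)
    return BLOCK_PATTERN.search(stream) is None


def forward_path(packets, rule):
    """Forwarding component's role: select, hand off, then forward or discard."""
    selected = [p for p in packets if rule.matches(p)]
    allowed = inspect(selected) if selected else True
    forwarded = [p for p in packets if not rule.matches(p) or allowed]
    discarded = [] if allowed else selected
    return forwarded, discarded


if __name__ == "__main__":
    hdr = b"\x00\x00\x00\x00\xCA\xFE"            # constructed sample header
    sample = [hdr + b"hello X-Blocked-", hdr + b"Marker: abc",
              b"\x00" * 6 + b"plain"]
    fwd, dropped = forward_path(sample, SelectRule(4, b"\xCA\xFE"))
    print(len(fwd), "forwarded,", len(dropped), "discarded")
```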