Deep packet inspection is a means of ensuring network security and eliminating malicious activity by scanning the contents of packets for threats. Deep packet inspection analyzes each packet individually to ensure that it does not exhibit a malicious signature. As network link speeds and the number of threats both increase, it becomes increasingly difficult to scan for threats in real time. As a result, costly and very specialized hardware implementations were designed to handle the demand of scanning packets at high link rates. Packets from the same session commonly arrive out of order at inspection points. As a result, a signature can span the boundary between two different packets, and a scanner can miss a potential threat. The IBM Cell Broadband Engine was selected to group packets of the same session together prior to scanning because it offered a cost-effective solution compared to specialized hardware. The ability to scan across packet boundaries yields a greater degree of threat detection and characterization of traffic. This thesis investigates the performance achieved by using the Cell processor as a preprocessor to group packets from the same network sessions together for scanning across packet boundaries. The implemented sessionizer was capable of processing network traffic at a worst-case rate of 3 Gb/s and a best-case rate of 20 Gb/s using four of the eight available synergistic processing elements.
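The boundary problem described in the abstract can be shown in a few lines. The following is an added example, not code from the thesis, and it does not model the Cell implementation: it compares per-packet scanning with scanning after packets are grouped by session and put back in order. The packet tuple layout, the signature string, the sample packets and all function names are constructed for illustration, and TCP-style byte sequence numbers are assumed.

```python
from collections import defaultdict

SIGNATURE = b"EVIL_PAYLOAD"  # constructed signature, not a real indicator

# Constructed packets: (src, sport, dst, dport, proto, seq, payload).
# In the first session the signature is split across two segments
# that arrive out of order and interleaved with another session.
PACKETS = [
    ("10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 1015, b"AYLOAD HTTP/1.1\r\n"),
    ("10.0.0.7", 40001, "10.0.0.9", 80, "tcp", 500, b"GET /index.html "),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 1000, b"GET /x?q=EVIL_P"),
    ("10.0.0.7", 40001, "10.0.0.9", 80, "tcp", 516, b"HTTP/1.1\r\n"),
]

def scan_per_packet(packets, sig=SIGNATURE):
    """Baseline: inspect each payload alone; return 5-tuples that matched."""
    return {p[:5] for p in packets if sig in p[6]}

def sessionize(packets):
    """Group packets by 5-tuple and order each group by sequence number."""
    sessions = defaultdict(list)
    for *key, seq, payload in packets:
        sessions[tuple(key)].append((seq, payload))
    return {k: sorted(v) for k, v in sessions.items()}

def reassemble(segments):
    """Join ordered segments into one stream.

    Bytes already seen (retransmission or overlap) are dropped, and
    reassembly stops at the first gap, since data past a missing
    segment cannot be matched contiguously.
    """
    stream, next_seq = b"", segments[0][0]
    for seq, payload in segments:
        if seq > next_seq:          # gap: a segment is missing
            break
        fresh = payload[next_seq - seq:]
        stream += fresh
        next_seq += len(fresh)
    return stream

def scan_sessions(packets, sig=SIGNATURE):
    """Scan each reassembled session; return 5-tuples that matched."""
    return {k for k, segs in sessionize(packets).items()
            if sig in reassemble(segs)}
```

On the constructed input, `scan_per_packet(PACKETS)` reports nothing, while `scan_sessions(PACKETS)` flags the session whose two segments carry the split signature.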

Library of Congress Subject Headings

Packet switching (Data transmission); Computer networks--Security measures; Computer scheduling

Publication Date


Document Type


Department, Program, or Center

Computer Engineering (KGCOE)


Shaaban, Muhammad

Advisor/Committee Member

Schiller, Michael


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: TK5105.3 .M37 2008


RIT – Main Campus