The continuous growth in the Internet's size, the amount of data traffic, and the complexity of processing this traffic gives rise to new challenges in building high performance network devices. Such an exponential growth coupledwith the increasing sophistication of attacks, is placing stringent demands on the performance of networked systems (Firewalls). These challengesrequire new designs, architecture and algorithms for the optimization of such systems.The current or classical security of present day Internet is "static" and "oblivious" to traffic dynamics in the network. Hence, there are tremendous efforts towards the design and development of several techniques and strategies to deal with the above shortcomings. Unfortunately, the current solutions have been successful in addressing only some aspects ofsecurity. However, as a whole security remains a major issue. This is primarily due to the lack of adaptation and dynamics in the design of such intrusion detection and mitigation systems.This thesis focuses on the design of architectures and algorithms for theoptimization of such networked systems, to aid not only adaptive and real-time "packet filtering' but also fast "content basedrouting (differentiated services)' in today's data-driven networks.The approach proposed involves a unique combination of algorithmic andarchitectural techniques that aims to outperform all current solutions in termsof adaptiveness, speed of operation (under attack or heavily loaded conditions) andoverall operational cost-effectiveness of such systems. The tools proposed in thisthesis also aim to offer the flexibility to include new approaches, and providethe ability to migrate or deploy additional entities for attack detection and defense
