A method for evaluating contents of a message is provided. The method initiates with characterizing a message segment. Then, the message is scanned to define tokens associated with the message segment. Next, the tokens are parsed to define substructures. Then, the rules associated with the tokens are determined, wherein the rules define actions. At the same time determining the session or meta session associated with the communication. Then, the actions associated with the message are executed. Next, the message is queued to be sent out. A method for providing content based security, a computer readable media, an adapter card and a network device configured to provide content based security and an intrusion protection system are provided.