公开(公告)号：US12169563B2

公开(公告)日：2024-12-17

申请号：US17864303

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/56 ,  G06N20/20

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

公开(公告)号：US20230259614A1

公开(公告)日：2023-08-17

申请号：US17864306

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/55

CPC classification number: G06F21/552 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques for detecting that one or more computer programs executed by a host device are subject to malicious activity using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being associated with the one or more computer programs. The security service determines, using the ML detection system, whether the one or more computer programs are subject to malicious activity based on the set of features. The security service outputs an indication of the malicious activity responsive to a determination that the one or more computer programs are subject to the malicious activity.

公开(公告)号：US12160437B2

公开(公告)日：2024-12-03

申请号：US17864312

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: H04L9/40

Abstract: Apparatuses, systems, and techniques for classifying one or more candidate uniform resource locators (URLs) as having a domain generation algorithm (DGA) domain using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being domain characters in one or more candidate URLs. The security service classifies, using the ML detection system, the one or more candidate URLs as having a DGA domain or a non-DGA domain using the set of features. The security service outputs an indication of a DGA malware responsive to the one or more candidate URLs being classified as having the DGA domain.

公开(公告)号：US20240086536A1

公开(公告)日：2024-03-14

申请号：US18119714

申请日：2023-03-09

Applicant: Mellanox Technologies, Ltd.

Inventor： Nir Rosen ,  Rami Ailabouni ,  Thanh Nguyen ,  Ohad Peres ,  Elad Haimovich ,  Vadim Gechman ,  Haim Elisha ,  Adi Peled ,  Chen Rozenbaum ,  Ahmad Saleh

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques of using one or more circuits (e.g., of a network interface) to obtain contents of at least one memory region usable, by one or more processes being performed by a host computing system, to store dynamic memory allocations, and determine whether any of the process(es) is performing at least one potentially harmful task based at least in part on the contents of the memory region(s).

公开(公告)号：US12261881B2

公开(公告)日：2025-03-25

申请号：US17864310

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/00 ,  G06F13/28 ,  G06F40/284 ,  H04L9/40

Abstract: Apparatuses, systems, and techniques for classifying a candidate uniform resource locator (URL) as malicious using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being words in a candidate URL and numeric features of a URL structure of the candidate URL. The security service classifies, using the ML detection system, the candidate URL as malicious or benign using the set of features. The security service outputs an indication of a malicious URL responsive to the candidate URL being classified as malicious.

公开(公告)号：US12118078B2

公开(公告)日：2024-10-15

申请号：US17864306

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/55 ,  G06F21/56 ,  G06F40/284

CPC classification number: G06F21/552 ,  G06F21/567 ,  G06F40/284 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques for detecting that one or more computer programs executed by a host device are subject to malicious activity using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being associated with the one or more computer programs. The security service determines, using the ML detection system, whether the one or more computer programs are subject to malicious activity based on the set of features. The security service outputs an indication of the malicious activity responsive to a determination that the one or more computer programs are subject to the malicious activity.

公开(公告)号：US20230319108A1

公开(公告)日：2023-10-05

申请号：US17864310

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: H04L9/40 ,  G06F40/284 ,  G06F13/28

CPC classification number: H04L63/1483 ,  G06F13/28 ,  G06F40/284 ,  G06F2213/0024

Abstract: Apparatuses, systems, and techniques for classifying a candidate uniform resource locator (URL) as malicious using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being words in a candidate URL and numeric features of a URL structure of the candidate URL. The security service classifies, using the ML detection system, the candidate URL as malicious or benign using the set of features. The security service outputs an indication of a malicious URL responsive to the candidate URL being classified as malicious.

公开(公告)号：US20240427890A1

公开(公告)日：2024-12-26

申请号：US18824197

申请日：2024-09-04

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/56 ,  G06N20/20

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

公开(公告)号：US20240427880A1

公开(公告)日：2024-12-26

申请号：US18825175

申请日：2024-09-05

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/55 ,  G06F21/56 ,  G06F40/284

Abstract: Apparatuses, systems, and techniques for detecting that one or more computer programs executed by a host device are subject to malicious activity using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being associated with the one or more computer programs. The security service determines, using the ML detection system, whether the one or more computer programs are subject to malicious activity based on the set of features. The security service outputs an indication of the malicious activity responsive to a determination that the one or more computer programs are subject to the malicious activity.

公开(公告)号：US20230262076A1

公开(公告)日：2023-08-17

申请号：US17864312

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/145

Abstract: Apparatuses, systems, and techniques for classifying one or more candidate uniform resource locators (URLs) as having a domain generation algorithm (DGA) domain using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being domain characters in one or more candidate URLs. The security service classifies, using the ML detection system, the one or more candidate URLs as having a DGA domain or a non-DGA domain using the set of features. The security service outputs an indication of a DGA malware responsive to the one or more candidate URLs being classified as having the DGA domain.