公开(公告)号：US11968126B2

公开(公告)日：2024-04-23

申请号：US17955583

申请日：2022-09-29

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

CPC classification number: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline, for use in a network device, is received from a user. The specification is defined in terms of one or more of the packet-processing functions draws from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US20230328032A1

公开(公告)日：2023-10-12

申请号：US17714207

申请日：2022-04-06

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Chen Rozenbaum ,  Shaul Arazi ,  Shahaf Shuler ,  Gary Mataev

IPC: H04L9/40 ,  H04L69/22

CPC classification number: H04L63/0236 ,  H04L63/0263 ,  H04L63/20 ,  H04L69/22

Abstract: In one embodiment, a data communication device includes a network interface controller to process packets received from at least one of a host device for sending over a network, and at least one remote device over the network, at least one processor to execute computer instructions to receive a configuration, and extract filtering rules from the configuration, and at least one hardware accelerator to receive the filtering rules from the at least one processor, and filter the packets based on the rules so that some of the packets are dropped and some of the packets are forwarded to the at least one processor to send data based on the forwarded packets to another device.

公开(公告)号：US12218849B2

公开(公告)日：2025-02-04

申请号：US18589466

申请日：2024-02-28

Applicant: Mellanox Technologies, Ltd.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline is received from a user. The specification is defined in terms of one or more of the packet-processing functions drawn from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US20230336574A1

公开(公告)日：2023-10-19

申请号：US17720216

申请日：2022-04-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Chen Rozenbaum ,  Shauli Arazi ,  Bartley Richardson

IPC: H04L9/40 ,  G06N3/08

CPC classification number: H04L63/1425 ,  G06N3/08

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a malicious network attack using a machine learning (ML) detection system are described. A computing system includes a graphics processing unit (GPU) and an integrated circuit with a network interface, and a hardware acceleration engine. The integrated circuit hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware acceleration engine and sends the extracted features to the GPU. Using the ML detection system, the GPU determines whether the host device is subject to a malicious network attack using the extracted features. The GPU can send an enforcement rule to the integrated circuit responsive to a determination that the host device is subject to the malicious network activity.

公开(公告)号：US20250097260A1

公开(公告)日：2025-03-20

申请号：US18369710

申请日：2023-09-18

Applicant: Mellanox Technologies, Ltd.

Inventor： Chen Rozenbaum ,  Gary Mataev

IPC: H04L9/40 ,  H04L41/16

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a data processing unit (DPU) with a network interface and a hardware acceleration engine. The DPU hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware acceleration engine and sends the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an enforcement rule to the hardware acceleration engine responsive to a determination that the host device is subject to the DDOS attack.

公开(公告)号：US12231401B2

公开(公告)日：2025-02-18

申请号：US17714207

申请日：2022-04-06

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Chen Rozenbaum ,  Shaul Arazi ,  Shahaf Shuler ,  Gary Mataev

IPC: H04L9/40 ,  H04L69/22

Abstract: In one embodiment, a data communication device includes a network interface controller to process packets received from at least one of a host device for sending over a network, and at least one remote device over the network, at least one processor to execute computer instructions to receive a configuration, and extract filtering rules from the configuration, and at least one hardware accelerator to receive the filtering rules from the at least one processor, and filter the packets based on the rules so that some of the packets are dropped and some of the packets are forwarded to the at least one processor to send data based on the forwarded packets to another device.

公开(公告)号：US20250097261A1

公开(公告)日：2025-03-20

申请号：US18369714

申请日：2023-09-18

Applicant: Mellanox Technologies, Ltd.

Inventor： Chen Rozenbaum ,  Gary Mataev ,  Ran Sandhaus ,  Hanan Shteingart

IPC: H04L9/40 ,  H04L41/16

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a switch with port interfaces, a central processing unit (CPU) that implements a machine learning (ML) detection system, and network monitoring logic. The network monitoring logic can extract features from network data and send the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an alert to the host device responsive to a determination that the host device is subject to the DDOS attack.

公开(公告)号：US20240223588A1

公开(公告)日：2024-07-04

申请号：US18479229

申请日：2023-10-02

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim GECHMAN ,  Haim Elisha ,  Nir Rosen ,  Chen Rozenbaum ,  Ahmad Saleh ,  Muhammad Abu Saleh ,  Emil Khshiboun

IPC: H04L9/40 ,  H04L41/16

CPC classification number: H04L63/1425 ,  H04L41/16 ,  H04L63/145

Abstract: A system and method may detect crypto mining, including using a processor: obtaining a stream of packets; extracting metadata of the packets; and determining whether the packets are related to crypto mining by providing the metadata of the packets to a machine learning (ML) model.

公开(公告)号：US20240086536A1

公开(公告)日：2024-03-14

申请号：US18119714

申请日：2023-03-09

Applicant: Mellanox Technologies, Ltd.

Inventor： Nir Rosen ,  Rami Ailabouni ,  Thanh Nguyen ,  Ohad Peres ,  Elad Haimovich ,  Vadim Gechman ,  Haim Elisha ,  Adi Peled ,  Chen Rozenbaum ,  Ahmad Saleh

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques of using one or more circuits (e.g., of a network interface) to obtain contents of at least one memory region usable, by one or more processes being performed by a host computing system, to store dynamic memory allocations, and determine whether any of the process(es) is performing at least one potentially harmful task based at least in part on the contents of the memory region(s).

公开(公告)号：US20240396916A1

公开(公告)日：2024-11-28

申请号：US18788700

申请日：2024-07-30

Applicant: Mellanox Technologies, Ltd.

Inventor： Chen Rozenbaum ,  Shauli Arazi ,  Bartley Richardson

IPC: H04L9/40 ,  G06N3/08

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a malicious network attack using a machine learning (ML) detection system are described. A computing system includes a graphics processing unit (GPU) and an integrated circuit with a network interface, and a hardware acceleration engine. The integrated circuit hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware acceleration engine and sends the extracted features to the GPU. Using the ML detection system, the GPU determines whether the host device is subject to a malicious network attack using the extracted features. The GPU can send an enforcement rule to the integrated circuit responsive to a determination that the host device is subject to the malicious network activity.