公开(公告)号：US20240427890A1

公开(公告)日：2024-12-26

申请号：US18824197

申请日：2024-09-04

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/56 ,  G06N20/20

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

公开(公告)号：US20240427880A1

公开(公告)日：2024-12-26

申请号：US18825175

申请日：2024-09-05

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/55 ,  G06F21/56 ,  G06F40/284

Abstract: Apparatuses, systems, and techniques for detecting that one or more computer programs executed by a host device are subject to malicious activity using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being associated with the one or more computer programs. The security service determines, using the ML detection system, whether the one or more computer programs are subject to malicious activity based on the set of features. The security service outputs an indication of the malicious activity responsive to a determination that the one or more computer programs are subject to the malicious activity.

公开(公告)号：US20240330436A1

公开(公告)日：2024-10-03

申请号：US18735120

申请日：2024-06-05

Applicant: Mellanox Technologies, Ltd.

Inventor： Ahmad Atamli ,  Rami Ailabouni ,  Ahmad Saleh ,  Ariel Levanon ,  Thanh Nguyen ,  Mark Overby

IPC: G06F21/53 ,  G06F21/60

CPC classification number: G06F21/53 ,  G06F21/606 ,  G06F2221/033

Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device can determine that a host device comprises a first TEE established by a central processing unit (CPU) of the host device, where CPU executes a first computer program in the first TEE. The auxiliary device can receive data of the first TEE using a trusted communication link between the first TEE and a second TEE established by the DPU, and execute a second computer program in the second TEE to monitor execution of the first computer program.

公开(公告)号：US20230262076A1

公开(公告)日：2023-08-17

申请号：US17864312

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/145

Abstract: Apparatuses, systems, and techniques for classifying one or more candidate uniform resource locators (URLs) as having a domain generation algorithm (DGA) domain using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being domain characters in one or more candidate URLs. The security service classifies, using the ML detection system, the one or more candidate URLs as having a DGA domain or a non-DGA domain using the set of features. The security service outputs an indication of a DGA malware responsive to the one or more candidate URLs being classified as having the DGA domain.

公开(公告)号：US20230259625A1

公开(公告)日：2023-08-17

申请号：US17864303

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/56 ,  G06N20/20

CPC classification number: G06F21/566 ,  G06N20/20 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

公开(公告)号：US12169563B2

公开(公告)日：2024-12-17

申请号：US17864303

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/56 ,  G06N20/20

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

公开(公告)号：US12032680B2

公开(公告)日：2024-07-09

申请号：US17709815

申请日：2022-03-31

Applicant: Mellanox Technologies, Ltd.

Inventor： Ahmad Atamli ,  Rami Ailabouni ,  Ahmad Saleh ,  Ariel Levanon ,  Thanh Nguyen ,  Mark Overby

IPC: G06F21/53 ,  G06F21/60

CPC classification number: G06F21/53 ,  G06F21/606 ,  G06F2221/033

Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device may establish an auxiliary TEE in the auxiliary device and establish a trusted communication link between the auxiliary TEE and the TEE (i.e., primary TEE). The primary TEE may execute a target program using the primary devices of a host device (e.g., CPU) and the auxiliary TEE may execute a security program using the auxiliary device (e.g., DPU). In one example, the primary and auxiliary TEEs may be established for a cloud consumer and the auxiliary TEE may execute a security service that can monitor data of the primary TEE even though the data is inaccessible to all other software executing external to the primary TEE (e.g., inaccessible to host operating system and hypervisor).

公开(公告)号：US20230297666A1

公开(公告)日：2023-09-21

申请号：US17709815

申请日：2022-03-31

Applicant: Mellanox Technologies, Ltd.

Inventor： Ahmad Atamli ,  Rami Ailabouni ,  Ahmad Saleh ,  Ariel Levanon ,  Thanh Nguyen ,  Mark Overby

IPC: G06F21/53 ,  G06F21/60

CPC classification number: G06F21/53 ,  G06F21/606 ,  G06F2221/033

Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device may establish an auxiliary TEE in the auxiliary device and establish a trusted communication link between the auxiliary TEE and the TEE (i.e., primary TEE). The primary TEE may execute a target program using the primary devices of a host device (e.g., CPU) and the auxiliary TEE may execute a security program using the auxiliary device (e.g., DPU). In one example, the primary and auxiliary TEEs may be established for a cloud consumer and the auxiliary TEE may execute a security service that can monitor data of the primary TEE even though the data is inaccessible to all other software executing external to the primary TEE (e.g., inaccessible to host operating system and hypervisor).

公开(公告)号：US20230259614A1

公开(公告)日：2023-08-17

申请号：US17864306

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: G06F21/55

CPC classification number: G06F21/552 ,  G06F2221/034

Abstract: Apparatuses, systems, and techniques for detecting that one or more computer programs executed by a host device are subject to malicious activity using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being associated with the one or more computer programs. The security service determines, using the ML detection system, whether the one or more computer programs are subject to malicious activity based on the set of features. The security service outputs an indication of the malicious activity responsive to a determination that the one or more computer programs are subject to the malicious activity.

公开(公告)号：US12160437B2

公开(公告)日：2024-12-03

申请号：US17864312

申请日：2022-07-13

Applicant: Mellanox Technologies, Ltd.

Inventor： Vadim Gechman ,  Nir Rosen ,  Haim Elisha ,  Bartley Richardson ,  Rachel Allen ,  Ahmad Saleh ,  Rami Ailabouni ,  Thanh Nguyen

IPC: H04L9/40

Abstract: Apparatuses, systems, and techniques for classifying one or more candidate uniform resource locators (URLs) as having a domain generation algorithm (DGA) domain using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being domain characters in one or more candidate URLs. The security service classifies, using the ML detection system, the one or more candidate URLs as having a DGA domain or a non-DGA domain using the set of features. The security service outputs an indication of a DGA malware responsive to the one or more candidate URLs being classified as having the DGA domain.