US 12,261,881 B2
Malicious uniform resource locator (URL) detection in memory of a data processing unit using machine learning detection models
Vadim Gechman, Hulda (IL); Nir Rosen, Pardes Hana-Karkur (IL); Haim Elisha, Ashkelon (IL); Bartley Richardson, Alexandria, VA (US); Rachel Allen, Arlington, VA (US); Ahmad Saleh, Reineh Village (IL); Rami Ailabouni, Eilabun (IL); and Thanh Nguyen, Huntsville, AL (US)
Assigned to Mellanox Technologies, Ltd., Yokneam (IL)
Filed by Mellanox Technologies, Ltd., Yokneam (IL)
Filed on Jul. 13, 2022, as Appl. No. 17/864,310.
Claims priority of provisional application 63/309,849, filed on Feb. 14, 2022.
Prior Publication US 2023/0319108 A1, Oct. 5, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 13/28 (2006.01); G06F 40/284 (2020.01); H04L 9/40 (2022.01)
CPC H04L 63/1483 (2013.01) [G06F 13/28 (2013.01); G06F 40/284 (2020.01); G06F 2213/0024 (2013.01)] 26 Claims
OG exemplary drawing
 
1. A method comprising:
obtaining, using a data processing unit (DPU) operatively coupled to a host device, a snapshot of data stored in physical memory of the host device, the data being associated with one or more computer programs executed by the host device, wherein the snapshot of data is obtained by the DPU using out-of-band memory acquisitions isolated from the one or more computer programs;
extracting, using a machine learning (ML) detection system, a set of features from the snapshot, wherein the set of features comprising words in a candidate uniform resource locator (URL) and numeric features of a URL structure of the candidate URL;
classifying, using the set of features and the ML detection system, the candidate URL as malicious or benign; and
outputting an indication of a malicious URL responsive to the candidate URL being classified as malicious.