Malicious domain generation algorithm (DGA) detection in memory of a data processing unit using machine learning detection models

Assignee

• MELLANOX TECHNOLOGIES, LTD. · IL

Inventors

• Vadim Gechman · Tel Mond, IL
• Nir Rosen · Pardes Hana-Karkur, IL
• Haim Elisha · Ashkelon, IL
• Bartley Richardson · Alexandria, US
• Rachel Allen · Arlington, US
• Ahmad N. Saleh · Dubai, AE
• Rami Ailabouni · Ilabun, IL
• Thanh Nguyen · Toulouse, FR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/145
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Apparatuses, systems, and techniques for classifying one or more candidate uniform resource locators (URLs) as having a domain generation algorithm (DGA) domain using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service extracts a set of features from data stored in the physical memory, the data being domain characters in one or more candidate URLs. The security service classifies, using the ML detection system, the one or more candidate URLs as having a DGA domain or a non-DGA domain using the set of features. The security service outputs an indication of a DGA malware responsive to the one or more candidate URLs being classified as having the DGA domain.