US 12,169,563 B2
Ransomware detection in memory of a data processing unit using machine learning detection models
Vadim Gechman, Hulda (IL); Nir Rosen, Pardes Hana-Karkur (IL); Haim Elisha, Ashkelon (IL); Bartley Richardson, Alexandria, VA (US); Rachel Allen, Arlington, VA (US); Ahmad Saleh, Reineh Village (IL); Rami Ailabouni, Eilabun (IL); and Thanh Nguyen, Huntsville, AL (US)
Assigned to Mellanox Technologies, Ltd., Yokneam (IL)
Filed by Mellanox Technologies, Ltd., Yokneam (IL)
Filed on Jul. 13, 2022, as Appl. No. 17/864,303.
Claims priority of provisional application 63/309,849, filed on Feb. 14, 2022.
Prior Publication US 2023/0259625 A1, Aug. 17, 2023
Int. Cl. G06F 21/56 (2013.01); G06N 20/20 (2019.01)
CPC G06F 21/566 (2013.01) [G06N 20/20 (2019.01); G06F 2221/034 (2013.01)] 28 Claims
OG exemplary drawing
 
1. A method comprising:
obtaining, using a data processing unit (DPU) operatively coupled to a host device, a series of snapshots of data stored in physical memory of the host device, the data being associated with one or more computer programs executed by the host device, wherein the series of snapshots of data are obtained by the DPU without detection by the one or more computer programs;
extracting, using a machine learning (ML) detection system, a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time;
classifying, using the set of features and the ML detection system, a process of the one or more computer programs as ransomware or non-ransomware; and
outputting an indication of ransomware responsive to the process being classified as ransomware.