Abstract: Apparatuses, systems, and techniques for detecting distributed denial of service (DDoS) attacks are described. A system includes a plurality of switches in a monitored data center, each switch comprising network monitoring logic to sample network packets and generate flow records representing behavior of network traffic. A dataflow collector receives the flow records from the plurality of switches. A streaming pipeline coupled to the dataflow collector processes the flow records. A data store stores the flow records processed by the streaming pipeline. A trainer accesses the flow records in the data store and trains one or more machine learning (ML) models to detect DDoS attacks based on the flow records. At least one of the one or more ML models is deployable to at least one switch of the plurality of switches to determine whether a host device coupled to the at least one switch is subject to a DDoS attack.

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDoS) attack using a machine learning (ML) detection system are described. A computing system includes a data processing unit (DPU) with a network interface and a hardware-acceleration engine. The DPU hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware-acceleration engine and sends the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDoS attack using the extracted features. The ML detection system can send an enforcement rule to the hardware-acceleration engine responsive to a determination that the host device is subject to the DDoS attack.

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a data processing unit (DPU) with a network interface and a hardware-acceleration engine. The DPU hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware acceleration engine and sends the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an enforcement rule to the hardware-acceleration engine responsive to a determination that the host device is subject to the DDOS attack.

Abstract: Methods, systems, and machine-readable mediums to perform a neural network to encode log data. In at least one embodiment, a processor comprising one or more circuits to encode at least one log message, at least in part, by encoding a first type of information in the at least one log message to obtain a first encoding, encoding a second type of information in the at least one log message to obtain a second encoding, and obtaining a resultant encoding at least in part by combing at least the first and second encodings.

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a switch with port interfaces, a central processing unit (CPU) that implements a machine learning (ML) detection system, and network monitoring logic. The network monitoring logic can extract features from network data and send the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an alert to the host device responsive to a determination that the host device is subject to the DDOS attack.

Abstract: Methods, systems, and computer program products for selecting packing processing cores are provided. An example system includes a plurality of packet processing cores and a load balancing unit communicatively connected to the plurality of packet processing cores. The load balancing unit is configured to receive a workflow packet including packet description data indicative of at least a packet structure and a packet priority and receive, from the plurality of packet processing cores, state data indicative of at least a utilization state and an operating state of each of the respective packet processing cores. The load balancing unit determines a selected packet processing core from amongst the plurality of packet processing cores based on the state data of the packet processing core and the packet description data of the workflow packet and transmits the workflow packet to the selected packet processing core.

Abstract: Methods, systems, and machine-readable mediums to perform a neural network to encode log data. In at least one embodiment, a processor comprising one or more circuits to encode at least one log message, at least in part, by encoding a first type of information in the at least one log message to obtain a first encoding, encoding a second type of information in the at least one log message to obtain a second encoding, and obtaining a resultant encoding at least in part by combing at least the first and second encodings.

Abstract: Methods, systems, and machine-readable mediums to encode at least one vector associated with a log using a neural network. In at least one embodiment, a neural network is trained, at least in part, by obtaining first, second, and third encoded vectors by encoding a first vector associated with a first log sequence, a second vector associated with a second log sequence similar to the first log sequence, and a third vector associated with a third log sequence dissimilar from the first log sequence; and selecting at least one model weight that increases a likelihood that the first encoded vector is closer to the second encoded vector than the third encoded vector.

Abstract: Methods, systems, and machine-readable mediums to encode at least one vector associated with a log using a neural network. In at least one embodiment, a processor is to encode at least one log message using at least one neural network trained, at least in part, by: obtaining a similarity score associated with a first vector and a second vector, the first vector to be associated with one or more first log messages, and the second vector to be associated with one or more second log messages; generating at least one similarity value indicating similarity between the first vector and the second vector; and determining a metric indicating similarity between the similarity score and the at least one similarity value.

Abstract: Methods, systems, and machine-readable mediums to perform a neural network to encode log data. In at least one embodiment, a processor comprising one or more circuits to encode at least one log message, at least in part, by encoding a first type of information in the at least one log message to obtain a first encoding, encoding a second type of information in the at least one log message to obtain a second encoding, and obtaining a resultant encoding at least in part by combing at least the first and second encodings.

Abstract: Methods, systems, and machine-readable mediums to perform a neural network to classify one or more logs. In at least one embodiment, a processor comprising one or more circuits to classify one or more log entries to obtain one or more classified log entries, obtain combined information at least in part by combing at least the one or more classified log entries and telemetry information, and use at least one machine learning process to classify the combined information.

Abstract: Methods, systems, and computer program products for selecting packing processing cores are provided. An example system includes a plurality of packet processing cores and a load balancing unit communicatively connected to the plurality of packet processing cores. The load balancing unit is configured to receive a workflow packet including packet description data indicative of at least a packet structure and a packet priority and receive, from the plurality of packet processing cores, state data indicative of at least a utilization state and an operating state of each of the respective packet processing cores. The load balancing unit determines a selected packet processing core from amongst the plurality of packet processing cores based on the state data of the packet processing core and the packet description data of the workflow packet and transmits the workflow packet to the selected packet processing core.

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a data processing unit (DPU) with a network interface and a hardware acceleration engine. The DPU hosts a hardware-accelerated security service to extract features from network data and metadata from the hardware acceleration engine and sends the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an enforcement rule to the hardware acceleration engine responsive to a determination that the host device is subject to the DDOS attack.

Abstract: Apparatuses, systems, and techniques for detecting that a host device is subject to a distributed denial of service (DDOS) attack using a machine learning (ML) detection system are described. A computing system includes a switch with port interfaces, a central processing unit (CPU) that implements a machine learning (ML) detection system, and network monitoring logic. The network monitoring logic can extract features from network data and send the extracted features to the ML detection system. The ML detection system determines whether the host device is subject to a DDOS attack using the extracted features. The ML detection system can send an alert to the host device responsive to a determination that the host device is subject to the DDOS attack.

Abstract: In one embodiment, a data communication device includes a network interface controller to process packets received from at least one of a host device for sending over a network, and at least one remote device over the network, at least one processor to execute computer instructions to receive a configuration, and extract filtering rules from the configuration, and at least one hardware accelerator to receive the filtering rules from the at least one processor, and filter the packets based on the rules so that some of the packets are dropped and some of the packets are forwarded to the at least one processor to send data based on the forwarded packets to another device.

Abstract: Devices and methods to identify malicious usage of a network device. In at least one embodiment, a network device comprises circuitry for performing a networking function and collecting telemetry data indicative of the performance of the networking function. The network device obtains an inference of a network traffic pattern using a machine learning model, and responds to the inference.

Abstract: Devices and methods to identify malicious usage of a network device. In at least one embodiment, a network device comprises circuitry for performing a networking function and collecting telemetry data indicative of the performance of the networking function. The network device obtains an inference of a network traffic pattern using a machine learning model, and responds to the inference.

Abstract: Methods, systems, and computer program products for selecting packing processing cores are provided. An example system includes a plurality of packet processing cores and a load balancing unit communicatively connected to the plurality of packet processing cores. The load balancing unit is configured to receive a workflow packet including packet description data indicative of at least a packet structure and a packet priority and receive, from the plurality of packet processing cores, state data indicative of at least a utilization state and an operating state of each of the respective packet processing cores. The load balancing unit determines a selected packet processing core from amongst the plurality of packet processing cores based on the state data of the packet processing core and the packet description data of the workflow packet and transmits the workflow packet to the selected packet processing core.

Abstract: In one embodiment, a data communication device includes a network interface controller to process packets received from at least one of a host device for sending over a network, and at least one remote device over the network, at least one processor to execute computer instructions to receive a configuration, and extract filtering rules from the configuration, and at least one hardware accelerator to receive the filtering rules from the at least one processor, and filter the packets based on the rules so that some of the packets are dropped and some of the packets are forwarded to the at least one processor to send data based on the forwarded packets to another device.

Abstract: In one embodiment, a processing apparatus includes a processor to train an artificial intelligence model to find a pacing action from which to derive a pacing metric for use in serving content transfer requests.