A method includes: receiving, by a computer, a user input corresponding to selection of a link associated with an address; determining, by the computer, that the address would not fit in an address bar of a browser displayed on a screen of the computer; and based on the determination that the address would not fit in the address bar of the browser, displaying, by the computer, in the address bar of the browser, a first element of the address and at least part of a second element of the address, including displaying a first portion of the second element of the address and an ellipsis indication representing a second portion of the second element of the address. The display of the first element of the address is visually distinguished from the display of the first portion of the second element of the address.

Aspects of the present disclosure include a system comprising a machine-readable storage medium storing at least one program and computer-implemented methods for detecting anomalies in revisions to a web document. Consistent with some embodiments, a method includes publishing, at a network-based content publication platform, a web document comprising a plurality of distinct elements generated using data received from a computing device of a user. The method further includes accessing an updated web document that was generated based on modifications to the published web document made by the user. The method further includes generating one or more anomaly scores based on a comparison of the updated web document to the published web document, and determining whether to allow publication of the updated web document based on a result of a comparison of the anomaly score to a threshold anomaly score.

The present disclosure relates to a communication technique for fusing a 5G communication system for supporting a high data transmission rate after a 4G system with the IoT technology, and a system thereof. The present disclosure can be applied to an intelligent service (e.g., a smart home, a smart building, a smart city, a smart car or connected car, healthcare, digital education, retail business, security and safety related service, etc.) based on the 5G communication technology and the IoT related technology. In accordance with an embodiment of the present disclosure, a method for detecting a malicious code which is injected into the command stream of a widget miming on a web-based OS in a device by a web server in a wireless communication system is provided. The method includes: analyzing the widget in the web server; determining at least one invariant condition constantly maintained and conserved while the widget is running, on the basis of a result of the analyzing; generating a metadata file including data satisfying the at least one invariant condition; associating the metadata file with the widget and providing the widget in a state in which the associated metadata file is included in the widget.

A method, non-transitory computer readable medium and apparatus for controlling access of a custom browser function are disclosed. For example, the method includes a processor that sends a request to a third party website, receives a hypertext markup language code and a browser script, renders the hypertext markup language code, detects that the browser script is trying to access a custom browser function, compares one or more parameters associated with the custom browser function to an access control list to control an access of the custom browser function, and executes the custom browser function when a match of the one or more parameters is found in the access control list.

Aspects of the disclosure relate to detecting and identifying malicious sites using machine learning. A computing platform may receive a uniform resource locator (URL). The computing platform may parse and/or tokenize the URL to reduce the URL into a plurality of components. The computing platform may identify human-engineered features of the URL. The computing platform may compute a vector representation of the URL to identify deep learned features of the URL. The computing platform may concatenate the human-engineered features of the URL to the deep learned features of the URL, resulting in a concatenated vector representation. By inputting the concatenated vector representation of the URL to a URL classifier, the computing platform may compute a phish classification score. In response to determining that the phish classification score exceeds a first phish classification threshold, the computing platform may cause a cybersecurity server to perform a first action.

There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and instructions encoded within the memory to instruct the processor to: receive a uniform resource locator (URL) for analysis, the URL to access a web page via a remote server; via the network interface, retrieve from the remote server a copy of the web page; render the web page in a headless browser to provide a computer-accessible visual output; perform visual analysis of the visual output via a digital eye; compare the visual analysis to a plurality of known phishing target websites; and if the comparison identifies the web page as visually similar to a known phishing target website, detect the web page as a phishing web page.

A method comprises obtaining data characterizing web browsing activity of a group of users of an enterprise, processing the data characterizing the web browsing activity to identify one or more patterns of web browsing activity of the group of users, selecting, based on the patterns of web browsing activity, at least one website to check for evidence of a watering hole attack threat to the enterprise, analyzing elements of said at least one website to identify executable code evidencing the watering hole attack threat to the enterprise, and modifying access by one or more client devices of the enterprise to said at least one website responsive to identifying executable code of said at least one website evidencing the watering hole attack threat to the enterprise.

Disclosed embodiments relate to a system having a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Techniques for minimizing data flow from a first computing infrastructure hosting an email service platform to a second computing infrastructure at least partly hosting an email security platform that provides security analysis on emails of the email service. The email security platform may extract metadata from emails received at the first computing infrastructure, and send that metadata to the second computing infrastructure that is hosting a back end of the email service platform. The metadata extracted from the emails may include less confidential contained in an email, but enough information for the email security platform to determine whether an email is potentially malicious. Thus, the security analysis performed on emails to detect malicious attacks may be offloaded to the second computing infrastructure, but the metadata that leaves the first computing infrastructure and flows to the second computing infrastructure may be minimized by extracting meaningful metadata.

A learning apparatus includes processing circuitry configured to receive an input of information relating to a web page, whether or not the web page is a malicious site being known, the malicious site presenting a false virus removal method, and generate a training model using, as training data, any one feature or a plurality of features from among a word/phrase-related feature, an image-related feature, an HTML source code-related feature and a communication log-related feature, the feature or the features being included in the information relating to the web page.