Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.

Systems and method for URL filtering are provided herein. In some embodiments, a system includes a processor programmed to receive a URL request to access a resource associated with the URL; perform a first layer of URL filtering by comparing the URL to a blocklist of malicious URLs; determine that the URL does not match a URL on the blocklist; perform a second layer of filtering by applying a machine learning algorithm to analyze the URL to predict whether the URL is malicious; and generate and transmit a URL filter determination that the URL is malicious and update the blocklist to include the URL.

Websites are monitored for changes over time. A domain name server resolves a domain name to a single internet protocol address and then performs a reverse resolution for the single internet protocol address. When multiple alias records resolve to the same host name, the domain name server determines the single internet protocol address virtually hosts multiple domain names.

A method and apparatus for using a dynamic security certificate. The method analyzes a browser to access browser information and generates a dynamic security certificate based on the browser information. The method modifies a configuration file for the browser to cause the browser to trust the dynamic security certificate and inserts the dynamic security certificate into the browser to enable a client application to access encrypted data available to the browser. The method may be performed solely upon a user device or have portions thereof performed by a user device and a server.

A system, apparatus and method for detecting uniform resource locators (URLs) of undesirable web pages comprising identifying a web page having an associated URL, rendering the content of the web page and logging the URL associated with the web page. The rendered content is analyzed by applying a machine learning algorithm comprising a neural network, where the neural network analyzes the rendered content to identify undesirable attributes within the rendered content. Upon identifying undesirable content, the URL is stored in a database for subsequent use by user devices to control access to the URL and its associated web page.

A computer-implemented method for securely providing information external to documents may include identifying a document that may include at least one link to content external to the document, retrieving the content external to the document from the link, converting the content external to the document to embeddable content in a secure format that can be embedded within the document and creating a secure version of the document at least in part by embedding the embeddable content that has been converted to the secure format into the document. Various other methods, systems, and computer-readable media are also disclosed.

Methods, apparatuses, and storage mediums are provided for acquiring a legitimate installation package the field of computer technology. The method includes: acquiring characteristic information of a first installation package; sending the characteristic information to an authentication server; receiving a differential package fed back by the authentication server; and combining the differential package with the first installation package to obtain a legitimate installation package. The present disclosure solves the problem in the prior art that a user can only download a legitimate installation package of an application again to re-install the application when the user finds that malicious codes are implanted in an installed installation package of the application.

A method and corresponding computer system for authenticating a network resource are disclosed. The method comprises receiving an input at a computer system over a network, the input comprising a network resource identifier and information indicative of an authentication entity associated with the network resource; automatically identifying stored data using the information indicative of the authentication entity, the stored data comprising contact information associated with the authentication entity; automatically transmitting an electronic message to the authentication entity using the identified contact information, the electronic message providing the authentication entity with the network resource identifier and means for authenticating the network resource; and automatically storing the network resource identifier. A search engine for authenticated network resources and a method and corresponding computer system for authenticating an entity are also disclosed.

A security server for dynamic verification of web content located on a platform in the cloud or in the edge which runs artificial intelligence (AI) algorithms including a collector receiving collection of user interactions from an adapted browser of a remote to simulate content of pages loaded on the device based on user interactions from an adapted browser located on the end-user device navigating on the web and for sampling the outcome of these interactions at irregular time intervals, this sample resulting a fixed image such as JPG or PNG, a data mining and artificial intelligence (AI) algorithm relying on image processing executed while sample interval to detect object or patterns on the displayed content, a heartbeat generator generates heartbeat at regular interval and transmits at a continuous interval to the end-user's device to indicate to the adapted browser of the device it may display the content.

Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.