Abstract: There is provided a method and a server for retraining a machine learning algorithm (MLA), the MLA having been trained to classify documents based on features thereof. A resource having a plurality of content items submitted by users is accessed. At least one content item associated with a document having been presented as a search result by a search engine server in response to a search query is identified. The at least one content item is analyzed based on a set of features to determine if the document has been misclassified by the MLA in response to the search query. In response to determining that the document has been misclassified, a training object is generated based on the misclassified document. Other misclassified documents are identified in a similar manner to obtain a set of training objects. The MLA is then retrained based on the set of training objects.

Abstract: There is disclosed a method for identifying malicious activity of a pre-determined type. The method comprises acquiring, an indication of a plurality of web resources, each of the plurality of web resources being accessible via a communication network at a respective network address; analyzing, the plurality of web resources to identify a subset of web resources being candidates for being associated with the malicious activity; executing, an automated browser application, the automated browser application being configured to: access each of the web resources within the subset of web resources; and analyzing, by the server, a log associated with the automated browser application accessing each of the web resources, the log comprising an indication of a presence of a cookie unrelated to each of the web resources; determining, for a given web resource included within the subset of web resources, a presence of malicious activity based on the log.

Abstract: There is disclosed a method for identifying malicious activity of a pre-determined type. The method comprises acquiring, an indication of a plurality of web resources, each of the plurality of web resources being accessible via a communication network at a respective network address; analyzing, the plurality of web resources to identify a subset of web resources being candidates for being associated with the malicious activity; executing, an automated browser application, the automated browser application being configured to: access each of the web resources within the subset of web resources; and analyzing, by the server, a log associated with the automated browser application accessing each of the web resources, the log comprising an indication of a presence of a cookie unrelated to each of the web resources; determining, for a given web resource included within the subset of web resources, a presence of malicious activity based on the log.

Abstract: There is provided a method and a server for retraining a machine learning algorithm (MLA), the MLA having been trained to classify documents based on features thereof. A resource having a plurality of content items submitted by users is accessed. At least one content item associated with a document having been presented as a search result by a search engine server in response to a search query is identified. The at least one content item is analyzed based on a set of features to determine if the document has been misclassified by the MLA in response to the search query. In response to determining that the document has been misclassified, a training object is generated based on the misclassified document. Other misclassified documents are identified in a similar manner to obtain a set of training objects. The MLA is then retrained based on the set of training objects.