Abstract: The present disclosure provides for systems and methods for generating an image of a web resource to detect a modification of the web resource. An exemplary method includes selecting one or more objects of the web resource based on one or more object attributes; identifying a plurality of tokens for each selected object based on contents of the selected object; calculating a hash signature for each selected object of the web resource using the identified plurality of tokens; identifying potentially malicious calls within the identified plurality of tokens; generating an image of the web resource based on the plurality of hash signatures and based on the identified potentially malicious calls, wherein the image of the web resource comprises a vector representation of the contents of the web resource; and detecting whether the web resource is modified based on the image of the web resource.

Abstract: Disclosed are systems and methods for determining dangerousness of devices for a banking service. In one aspect, the method comprises detecting an interaction between a user device and the banking service, acquiring characteristics of the user device including one or more of: an operating system under whose control the user device is running, a location of the user device, a regional characteristic of a firmware of the user device, an account identifier associated with the user device, acquiring data related to a threat risk state of the user device, and determining a dangerousness of the user device based on the acquired characteristics and the acquired data related to the threat risk of the user device.

Abstract: The present disclosure provides for systems and methods for generating an image of a web resource to detect a modification of the web resource. An exemplary method includes selecting one or more objects of the web resource based on one or more object attributes; identifying a plurality of tokens for each selected object based on contents of the selected object; calculating a hash signature for each selected object of the web resource using the identified plurality of tokens; identifying potentially malicious calls within the identified plurality of tokens; generating an image of the web resource based on the plurality of hash signatures and based on the identified potentially malicious calls, wherein the image of the web resource comprises a vector representation of the contents of the web resource; and detecting whether the web resource is modified based on the image of the web resource.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes, by a hardware processor, receiving user behavior data provided by an input device specifying a user interaction with graphical user interface (GUI) elements of a first application on a computing device for a transaction with a remote server, training a behavior classification algorithm using known behavior of the user, calculating an anomalous user behavior coefficient based on the user behavior data and the behavior classification algorithm, wherein the anomalous user behavior coefficient represents a likelihood that the user's interaction with the plurality of groups of elements of the graphical interface was fraudulent, detecting whether the user interaction is a software-imitated user interaction based on the anomalous user behavior coefficient, and responsive to detecting a software-imitated user interaction, blocking the transaction with the remote server.

Abstract: The present disclosure provides for systems and methods for detecting a modification of a web resource. An exemplary method comprises generating a script for verifying the integrity of the web resource, wherein the script is a description of the process of calculating characteristics of objects of that web resource, embedding the script in the web resource, receiving a convolution of the web resource after execution, generating an image of the web resource on the basis of the at least one calculated convolution, the image of the web resource being a vector representation of the content of the web resource and making, by a processor, a decision as to the modification of the web resource on the basis of the determined characteristics of modification of the web resource.

Abstract: Disclosed are systems and methods for determining dangerousness of devices for a banking service. In one aspect, the method comprises detecting an interaction between a user device and the banking service, acquiring characteristics of the user device including one or more of: an operating system under whose control the user device is running, a location of the user device, a regional characteristic of a firmware of the user device, an account identifier associated with the user device, acquiring data related to a threat risk state of the user device, and determining a dangerousness of the user device based on the acquired characteristics and the acquired data related to the threat risk of the user device.

Abstract: Disclosed are systems and methods of identifying a new device during a user's interaction with online services, such as banking services. In one aspect, a method is provided comprising collecting fingerprint for a device associated with a user, isolating, from the fingerprint, one or more key characteristics of the device which affect device security, performing clustering of previously known devices used by the user based on the one or more key characteristics, computing a difference between the one or more key characteristics of the device and one or more key characteristics of one or more devices which the user previously used to access an online service, wherein the one or more devices are from among the clustering of previously known devices and determining that the device is a new device used by the user when the difference exceeds a threshold value.

Abstract: Disclosed are systems and methods for identifying potentially dangerous devices during the interaction of a user with banking services. When there are interactions between a user's device(s) and banking services, the described technique acquires a digital fingerprint of the user device. That digital fingerprint indicates at least one characteristic of the user device. Clusters associated with the user device are created based on the at least one characteristic of the user device. Each cluster is associated with a corresponding threat degree. In response to determining that the user device is a threat risk based on the one or more generated clusters, transactions being carried out between the user device and the banking services may be blocked.

Abstract: The present disclosure provides for systems and methods for detecting a modification of a web resource. An exemplary method comprises generating a script for verifying the integrity of the web resource, wherein the script is a description of the process of calculating characteristics of objects of that web resource, embedding the script in the web resource, receiving a convolution of the web resource after execution, generating an image of the web resource on the basis of the at least one calculated convolution, the image of the web resource being a vector representation of the content of the web resource and making, by a processor, a decision as to the modification of the web resource on the basis of the determined characteristics of modification of the web resource.

Abstract: Disclosed are systems and methods of identifying a new device during a user's interaction with online services, such as banking services. In one aspect, a method is provided comprising collecting fingerprint for a device associated with a user, isolating, from the fingerprint, one or more key characteristics of the device which affect device security, performing clustering of previously known devices used by the user based on the one or more key characteristics, computing a difference between the one or more key characteristics of the device and one or more key characteristics of one or more devices which the user previously used to access an online service, wherein the one or more devices are from among the clustering of previously known devices and determining that the device is a new device used by the user when the difference exceeds a threshold value.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes: collecting user behavior data during the user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: Disclosed is a system and method for detecting fraudulent transactions. An example method includes receiving, by a communication interface, data relating to an electronic transaction, including at least one of user actions data and malware actions data, analyzing, by a hardware processor, the data to determine whether the electronic transaction is a possible fraudulent transaction based on a predetermined algorithm stored in an electronic memory, determining, by the hardware processor, whether the possible fraudulent transaction is a legitimate electronic transaction and adjusting, by the hardware processor, operating parameters of the predetermined algorithm when the hardware processor determines that the possible fraudulent transaction is a legitimate electronic transaction.

Abstract: Disclosed are systems and methods for identifying potentially dangerous devices during the interaction of a user with banking services. When there are interactions between a user's device(s) and banking services, the described technique acquires a digital fingerprint of the user device. That digital fingerprint indicates at least one characteristic of the user device. Clusters associated with the user device are created based on the at least one characteristic of the user device. Each cluster is associated with a corresponding threat degree. In response to determining that the user device is a threat risk based on the one or more generated clusters, transactions being carried out between the user device and the banking services may be blocked.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes collecting user behavior data during the user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: Disclosed are system and method for identifying suspicious user behavior during a user's interaction with various banking services. One exemplary method comprises: receiving information relating to user's interaction with two or more banking services from at least two computing devices used by a user for interacting through a user account with each banking service; receiving an identifier of each computing device; determining a model of user behavior based at least on received information and identifers; calculating a probability of fraud based at least on the model of user behavior; determining and forming patterns of suspicious user behavior; and determining whether a current user activity in interacting with at least one banking services is suspicious based at least upon the patterns.

Abstract: A system and method is provided for recognizing transactions as trusted. An exemplary method includes receiving parameters for a plurality of transactions executed by a user and obtaining one or more attributes of the user from a bank associated with the user. Furthermore, the method includes, for each of the plurality of transactions, determining whether a predetermined number of trust conditions are met by the at least one parameter of the transaction and the at least one attribute of the user; and for each of the plurality of transactions, determining that the transaction is trusted if the predetermined number of trust conditions are met. Moreover, the method includes determining that a verification condition is met if the processor determines that a specified number of the plurality of transactions is deemed trusted; and recognizing a subsequent transaction executed by the user is trusted if the verification condition is met.

Abstract: Disclosed are system and method for detecting fraudulent activity in user transactions. An exemplary method comprising: collecting user behavior data during user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.

Abstract: Disclosed is a system and method for detecting fraudulent transactions. An example method includes receiving data relating to an electronic transaction, including at least one of user actions data and malware actions data; analyzing, the data to determine whether the electronic transaction is a possible fraudulent transaction based on a predetermined algorithm stored in an electronic memory; determining whether the possible fraudulent transaction is a legitimate electronic transaction, and adjusting the operating parameters of the predetermined algorithm if the hardware processor determines that the possible fraudulent transaction is a legitimate electronic transaction.

Abstract: System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.