Abstract: Mechanisms are provided to detect content generated from phishing attacks. The mechanisms process an electronic communication, received from a data network, to produce a structure token. The structure token represents a content structure of the electronic communication. The structure token is processed by a machine learning model, which is trained to identify content that is generated in response to one or more phishing attacks. The machine learning model produces a classification output that indicates whether the electronic communication includes content that was generated in response to the one or more phishing attacks.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.

Abstract: Embodiments provide a computer implemented method for detecting a phishing internet link, wherein an internet link is a Uniform Resource Locator (URL) or a domain name, the method including: receiving the internet link; replacing one or more visually confusing characters with one or more original characters, wherein the one or more visually confusing characters are similar to the one or more original characters; removing a top-level domain from the internet link; removing a common subdomain from the internet link; splitting the remaining internet link into a list of words; converting the list of words into a list of word vectors; calculating an average word vector of the list of word vectors; and providing a phishing score for the average vector, indicating a probability of the internet link being a phishing internet link.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: Embodiments provide a computer implemented method for detecting a phishing internet link, wherein an internet link is a Uniform Resource Locator (URL) or a domain name, the method including: receiving the internet link; replacing one or more visually confusing characters with one or more original characters, wherein the one or more visually confusing characters are similar to the one or more original characters; removing a top-level domain from the internet link; removing a common subdomain from the internet link; splitting the remaining internet link into a list of words; converting the list of words into a list of word vectors; calculating an average word vector of the list of word vectors; and providing a phishing score for the average vector, indicating a probability of the internet link being a phishing internet link.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.

Abstract: An example operation may include one or more of identifying a page of a website for phishing testing, attempting each of a Hypertext Transfer Protocol (HTTP) GET request and a HTTP Secure (HTTPS) GET request via the identified page of the website, attempting each of a HTTP POST request and a HTTPS POST request via the identified page of the website, determining if the website is a phishing website based on server responses to the attempted HTTP and HTTPS GET requests and the attempted HTTP and HTTPS POST requests received from the website, and in response to determining the website is a phishing website, outputting an indication of the determination for display on a display device.

Abstract: A computer-implemented method for reducing undesired crosstalk signals on an inactive channel of a device comprising the steps of: (i) determining system volume levels and associated signal amplitudes required to achieve a range of desired audio output attenuation levels on an active channel of the device; (ii) determining a crosstalk compensation signal comprising a signal amplitude and associated phase shift required to reduce undesired crosstalk on the inactive channel of the device for each desired audio output attention level in the range of desired audio output attenuation levels; and (iii) generating a desired audio output attenuation level on the active channel of the device by generating a signal at the determined system volume level and associated signal amplitude required to achieve said desired audio output attenuation level, and generating a contemporaneous crosstalk compensation signal on the inactive channel of the device by generating a signal at the determined signal amplitude and associated

Abstract: An example operation may include one or more of identifying a page of a website for phishing testing, attempting each of a Hypertext Transfer Protocol (HTTP) GET request and a HTTP Secure (HTTPS) GET request via the identified page of the website, attempting each of a HTTP POST request and a HTTPS POST request via the identified page of the website, determining if the website is a phishing website based on server responses to the attempted HTTP and HTTPS GET requests and the attempted HTTP and HTTPS POST requests received from the website, and in response to determining the website is a phishing website, outputting an indication of the determination for display on a display device.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: An embodiment for tracking JavaScript actions in a rich Internet application, receives a document object model (DOM) representative of a particular page of an application at a particular time and analyzes the DOM received to identify each JavaScript action on the particular page for which each JavaScript action identified, a JavaScript action characteristics ID is calculated and stored. Responsive to a determination multiple instances of a same ID exist, collecting a list of JavaScript actions corresponding to each ID corresponding to a multiple JavaScript action and removing from memory JavaScript action entries for the multiple instances of the same ID. A neighbor influence is computed for a member of the list of JavaScript actions remaining and the JavaScript action ID calculated for the member of the list of JavaScript actions remaining is stored. Responsive to a determination there are no more multiple JavaScript actions, return all JavaScript action IDs stored.

Abstract: A computer-implemented method for reducing undesired crosstalk signals on an inactive channel of a device comprising the steps of: (i) determining system volume levels and associated signal amplitudes required to achieve a range of desired audio output attenuation levels on an active channel of the device; (ii) determining a crosstalk compensation signal comprising a signal amplitude and associated phase shift required to reduce undesired crosstalk on the inactive channel of the device for each desired audio output attention level in the range of desired audio output attenuation levels; and (iii) generating a desired audio output attenuation level on the active channel of the device by generating a signal at the determined system volume level and associated signal amplitude required to achieve said desired audio output attenuation level, and generating a contemporaneous crosstalk compensation signal on the inactive channel of the device by generating a signal at the determined signal amplitude and associated

Abstract: Embodiments are directed to computing, by an apparatus comprising a processing device, an identifier (ID) for an element in a page using an algorithm responsive to encountering the element a first time, causing, by the apparatus, the ID to be stored in a storage device, encountering, by the apparatus, the element a second time, determining, by the apparatus, that the element is encountered the second time, and responsive to determining that the element is encountered the second time, representing, by the apparatus, the element by the ID at the time of the second encounter by retrieving the ID from the storage device.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: Embodiments are directed to computing, by an apparatus comprising a processing device, an identifier (ID) for an element in a page using an algorithm responsive to encountering the element a first time, causing, by the apparatus, the ID to be stored in a storage device, encountering, by the apparatus, the element a second time, determining, by the apparatus, that the element is encountered the second time, and responsive to determining that the element is encountered the second time, representing, by the apparatus, the element by the ID at the time of the second encounter by retrieving the ID from the storage device.