Abstract: A computer-implemented method of generating metadata from an image may comprise sending the image to an object detection service, which generates detections metadata from the image. The image may also be sent to a visual features extractor, which extracts visual features metadata from the image. The generated detections metadata may then be sent to an uncertainty score calculator, which computes an uncertainty score from the detections metadata. The uncertainty score may be related to a level of uncertainty within the detections metadata. The image, the visual features metadata, the detections metadata and the uncertainty score may then be stored in a database accessible over a computer network.

Abstract: A computer-implemented method of detecting logos in a graphical rendering may comprise detecting, using a first and a second trained object detector, logos in the graphical rendering and outputting a first and a second list of detections and filtering, using at least a first and a second prior performance-based filter, the received first and second lists of detections into a first group of kept detections, a second group of discarded detections and a third group of detections. Detections in the third group of detections may be clustered in at least one cluster comprising detections that are of a same class and that are generally co-located within the electronic image. A cluster score may then be assigned to each cluster. A set of detections of logos in the graphical rendering may then be output, the set comprising the detections in the first group and a detection from each of the clusters whose assigned cluster score is greater than a respective threshold.

Abstract: A computer-implemented method of detecting logos in a graphical rendering may comprise detecting, using a first and a second trained object detector, logos in the graphical rendering and outputting a first and a second list of detections and filtering, using at least a first and a second prior performance-based filter, the received first and second lists of detections into a first group of kept detections, a second group of discarded detections and a third group of detections. Detections in the third group of detections may be clustered in at least one cluster comprising detections that are of a same class and that are generally co-located within the electronic image. A cluster score may then be assigned to each cluster. A set of detections of logos in the graphical rendering may then be output, the set comprising the detections in the first group and a detection from each of the clusters whose assigned cluster score is greater than a respective threshold.

Abstract: A method of collecting training data related to a branded phishing URL may comprise retrieving a phishing URL impersonating a brand; fetching a final webpage referenced thereby; determining the main language of the textual content thereof; rendering graphical representation(s) of the final webpage; extracting, from the source of URLs, information including the retrieved phishing URL, a brand, a type and a date associated therewith and storing the extracted information together with the final webpage and the rendered graphical representation(s). A message that contains a URL matching the phishing URL may then be retrieved. The main language of the textual content of the message may be determined and graphical representations thereof rendered. A record may be updated with the message, the main language and the rendered graphical representations, which may be made accessible as training data to train users to recognize phishing websites and messages.

Abstract: A computer-implemented method of generating metadata from an image may comprise sending the image to an object detection service, which generates detections metadata from the image. The image may also be sent to a visual features extractor, which extracts visual features metadata from the image. The generated detections metadata may then be sent to an uncertainty score calculator, which computes an uncertainty score from the detections metadata. The uncertainty score may be related to a level of uncertainty within the detections metadata. The image, the visual features metadata, the detections metadata and the uncertainty score may then be stored in a database accessible over a computer network.

Abstract: A computer-implemented method of detecting logos in a graphical rendering may comprise detecting, using a first and a second trained object detector, logos in the graphical rendering and outputting a first and a second list of detections and filtering, using at least a first and a second prior performance-based filter, the received first and second lists of detections into a first group of kept detections, a second group of discarded detections and a third group of detections. Detections in the third group of detections may be clustered in at least one cluster comprising detections that are of a same class and that are generally co-located within the electronic image. A cluster score may then be assigned to each cluster. A set of detections of logos in the graphical rendering may then be output, the set comprising the detections in the first group and a detection from each of the clusters whose assigned cluster score is greater than a respective threshold.

Abstract: A method of collecting training data related to a branded phishing URL may comprise retrieving a phishing URL impersonating a brand; fetching a final webpage referenced thereby; determining the main language of the textual content thereof; rendering graphical representation(s) of the final webpage; extracting, from the source of URLs, information including the retrieved phishing URL, a brand, a type and a date associated therewith and storing the extracted information together with the final webpage and the rendered graphical representation(s). A message that contains a URL matching the phishing URL may then be retrieved. The main language of the textual content of the message may be determined and graphical representations thereof rendered. A record may be updated with the message, the main language and the rendered graphical representations, which may be made accessible as training data to train users to recognize phishing websites and messages.

Abstract: A computer-implemented method may comprise collecting and storing a plurality of electronic messages and a corresponding plurality of phishing kits, each of which being associated with one or several malicious Uniform Resource Locator (URL) and extracting a set of features from each of the plurality of electronic messages. For each of the extracted set of features, the method may comprise determining a set of optimal scanning parameters using one or more decision trees, trained with a supervised learning algorithm based on programmatically or manually examining or reverse-engineering the source code of the phishing kits, or trained with a supervised learning algorithm based on a function that iteratively requests data from the websites pointed to by the malicious URLs and examines data and codes returned by such requests.

Abstract: A method of collecting training data related to a branded phishing URL may comprise retrieving a phishing URL impersonating a brand; fetching a final webpage referenced thereby; determining the main language of the textual content thereof; rendering graphical representation(s) of the final webpage; extracting, from the source of URLs, information including the retrieved phishing URL, a brand, a type and a date associated therewith and storing the extracted information together with the final webpage and the rendered graphical representation(s). A message that contains a URL matching the phishing URL may then be retrieved. The main language of the textual content of the message may be determined and graphical representations thereof rendered. A record may be updated with the message, the main language and the rendered graphical representations, which may be made accessible as training data to train users to recognize phishing websites and messages.

Abstract: A computer-implemented method of detecting logos in a graphical rendering may comprise detecting, using a first and a second trained object detector, logos in the graphical rendering and outputting a first and a second list of detections and filtering, using at least a first and a second prior performance-based filter, the received first and second lists of detections into a first group of kept detections, a second group of discarded detections and a third group of detections. Detections in the third group of detections may be clustered in at least one cluster comprising detections that are of a same class and that are generally co-located within the electronic image. A cluster score may then be assigned to each cluster. A set of detections of logos in the graphical rendering may then be output, the set comprising the detections in the first group and a detection from each of the clusters whose assigned cluster score is greater than a respective threshold.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance. The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.

Abstract: A computer-implemented method may comprise collecting and storing a plurality of electronic messages and a corresponding plurality of phishing kits, each of which being associated with one or several malicious Uniform Resource Locator (URL) and extracting a set of features from each of the plurality of electronic messages. For each of the extracted set of features, the method may comprise determining a set of optimal scanning parameters using one or more decision trees, trained with a supervised learning algorithm based on programmatically or manually examining or reverse-engineering the source code of the phishing kits, or trained with a supervised learning algorithm based on a function that iteratively requests data from the websites pointed to by the malicious URLs and examines data and codes returned by such requests.

Abstract: A computer-implemented method of detecting obfuscated code in an electronic message's attachment may comprise receiving, over a computer network, an electronic message comprising an attachment; determining the file type of the attachment; extracting one or more scripts from the attachment, computing a distance measure between selected one or more features of the extracted one or more scripts and corresponding one or more selected features of scripts of a model corpus of non-obfuscated script files and comparing the computed distance measure with a threshold. When the computed distance measure is at least as great as the threshold, it may be determined that the extracted one or more scripts comprise obfuscated code and a defensive action with respect to at least the attachment may be taken. When the computed distance measure is less than the threshold, it may be determined that the extracted one or more scripts does not comprise obfuscated code.

Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance. The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.

Abstract: A computer-implemented method may comprise receiving an electronic message (such as a legitimate email or malicious phishing email, for example) over a computer network, the electronic message containing a uniform resource locator (URL). The URL in the received electronic message may be parsed and one or more original parameter may be identified therein. The type of the identified original parameter(s) may be determined. The identified original parameter(s) may then be transformed according to a parameter transformation rules, selected according to the determined type. to generate transformed parameter(s). The URL may then be reassembled by substituting the transformed parameter(s) for the original parameter(s). The website pointed to by the reassembled URL may then be accessed, over the computer network, using the transformed parameter(s) only if the reassembled URL meets a predetermined minimum criterion.

Abstract: A computer-implemented method may comprise collecting and storing a plurality of electronic messages and a corresponding plurality of phishing kits, each of which being associated with one or several malicious Uniform Resource Locator (URL) and extracting a set of features from each of the plurality of electronic messages. For each of the extracted set of features, the method may comprise determining a set of optimal scanning parameters using one or more decision trees, trained with a supervised learning algorithm based on programmatically or manually examining or reverse-engineering the source code of the phishing kits, or trained with a supervised learning algorithm based on a function that iteratively requests data from the websites pointed to by the malicious URLs and examines data and codes returned by such requests.

Abstract: A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user cred

Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance. The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.

Abstract: A computer-implemented method of generating an augmented electronic text document comprises establishing a directed multigraph where each vertex is associated with a separate language and is connected to at least one other one of the vertices by an oriented edge indicative of a machine translation engine's ability to translate between languages associated with the vertices connected by the oriented edge with acceptable performance The directed multigraph is then traversed starting at a predetermined origin vertex associated with an original language of the original electronic text document by randomly selecting an adjacent vertex pointed to by an oriented edge connected to the predetermined origin vertex and causing a machine translation engine to translate the original electronic text document from the original language to a language associated with the selected vertex.