Abstract: Identifying a malicious web page that impersonates a legitimate web page, including extracting HMTL source and a certificate for a specified web page, parsing the extracted HTML to identify objects, forms, links, templates, images and logos embedded in the HTML, and determining whether or not the HTML source harvests user credentials. If the determining is negative, then marking the specified web page as clean. If the determining is affirmative, then verifying the origin and ownership of the extracted certificate by examining its digital signature to determine a possibility of an impersonation attempt, applying image recognition to the identified images and logos, and comparing the identified images and logos to known images and brand logos of the certificate owner. If the comparing is affirmative, then mark the web page as clean. If the comparing is negative, then mark the web page as suspicious and block the web page from being accessed.

Abstract: A locally or remotely executing Contextual Data Processing Framework or plugin can be integrated with existing network infrastructures to enhance threat detection, intelligence, and remediation solutions. The Contextual Data Processing Framework can be deployed within the local infrastructure with one or more computing devices on one or more networks or may operate as a Software as a Service (SaaS) on a remote service for the local infrastructures. The Contextual Data Processing Framework leverages multiple stages that involve gathering local infrastructure data, processing, scanning, and contextualizing the gathered data, discovering relationships with other data, and then classifying data objects within recognized context and generating reports as necessary. The Contextual Data Processing Framework can be integrated with machine learning (ML) or artificial intelligence (AI) solutions to learn and automate the decisive processes.

Abstract: Identifying a malicious web page that impersonates a legitimate web page, including extracting HMTL source and a certificate for a specified web page, parsing the extracted HTML to identify objects, forms, links, templates, images and logos embedded in the HTML, and determining whether or not the HTML source harvests user credentials. If the determining is negative, then marking the specified web page as clean. If the determining is affirmative, then verifying the origin and ownership of the extracted certificate by examining its digital signature to determine a possibility of an impersonation attempt, applying image recognition to the identified images and logos, and comparing the identified images and logos to known images and brand logos of the certificate owner. If the comparing is affirmative, then mark the web page as clean. If the comparing is negative, then mark the web page as suspicious and block the web page from being accessed.