Abstract: The present disclosure provides for systems and methods for generating an image of a web resource to detect a modification of the web resource. An exemplary method includes selecting one or more objects of the web resource based on one or more object attributes; identifying a plurality of tokens for each selected object based on contents of the selected object; calculating a hash signature for each selected object of the web resource using the identified plurality of tokens; identifying potentially malicious calls within the identified plurality of tokens; generating an image of the web resource based on the plurality of hash signatures and based on the identified potentially malicious calls, wherein the image of the web resource comprises a vector representation of the contents of the web resource; and detecting whether the web resource is modified based on the image of the web resource.

Abstract: Disclosed are systems and methods for determining dangerousness of devices for a banking service. In one aspect, the method comprises detecting an interaction between a user device and the banking service, acquiring characteristics of the user device including one or more of: an operating system under whose control the user device is running, a location of the user device, a regional characteristic of a firmware of the user device, an account identifier associated with the user device, acquiring data related to a threat risk state of the user device, and determining a dangerousness of the user device based on the acquired characteristics and the acquired data related to the threat risk of the user device.

Abstract: The present disclosure provides for systems and methods for generating an image of a web resource to detect a modification of the web resource. An exemplary method includes selecting one or more objects of the web resource based on one or more object attributes; identifying a plurality of tokens for each selected object based on contents of the selected object; calculating a hash signature for each selected object of the web resource using the identified plurality of tokens; identifying potentially malicious calls within the identified plurality of tokens; generating an image of the web resource based on the plurality of hash signatures and based on the identified potentially malicious calls, wherein the image of the web resource comprises a vector representation of the contents of the web resource; and detecting whether the web resource is modified based on the image of the web resource.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes, by a hardware processor, receiving user behavior data provided by an input device specifying a user interaction with graphical user interface (GUI) elements of a first application on a computing device for a transaction with a remote server, training a behavior classification algorithm using known behavior of the user, calculating an anomalous user behavior coefficient based on the user behavior data and the behavior classification algorithm, wherein the anomalous user behavior coefficient represents a likelihood that the user's interaction with the plurality of groups of elements of the graphical interface was fraudulent, detecting whether the user interaction is a software-imitated user interaction based on the anomalous user behavior coefficient, and responsive to detecting a software-imitated user interaction, blocking the transaction with the remote server.

Abstract: The present disclosure provides for systems and methods for detecting a modification of a web resource. An exemplary method comprises generating a script for verifying the integrity of the web resource, wherein the script is a description of the process of calculating characteristics of objects of that web resource, embedding the script in the web resource, receiving a convolution of the web resource after execution, generating an image of the web resource on the basis of the at least one calculated convolution, the image of the web resource being a vector representation of the content of the web resource and making, by a processor, a decision as to the modification of the web resource on the basis of the determined characteristics of modification of the web resource.

Abstract: Disclosed are systems and methods for determining dangerousness of devices for a banking service. In one aspect, the method comprises detecting an interaction between a user device and the banking service, acquiring characteristics of the user device including one or more of: an operating system under whose control the user device is running, a location of the user device, a regional characteristic of a firmware of the user device, an account identifier associated with the user device, acquiring data related to a threat risk state of the user device, and determining a dangerousness of the user device based on the acquired characteristics and the acquired data related to the threat risk of the user device.

Abstract: Disclosed are systems and methods of identifying a new device during a user's interaction with online services, such as banking services. In one aspect, a method is provided comprising collecting fingerprint for a device associated with a user, isolating, from the fingerprint, one or more key characteristics of the device which affect device security, performing clustering of previously known devices used by the user based on the one or more key characteristics, computing a difference between the one or more key characteristics of the device and one or more key characteristics of one or more devices which the user previously used to access an online service, wherein the one or more devices are from among the clustering of previously known devices and determining that the device is a new device used by the user when the difference exceeds a threshold value.

Abstract: Disclosed are systems and methods for identifying potentially dangerous devices during the interaction of a user with banking services. When there are interactions between a user's device(s) and banking services, the described technique acquires a digital fingerprint of the user device. That digital fingerprint indicates at least one characteristic of the user device. Clusters associated with the user device are created based on the at least one characteristic of the user device. Each cluster is associated with a corresponding threat degree. In response to determining that the user device is a threat risk based on the one or more generated clusters, transactions being carried out between the user device and the banking services may be blocked.

Abstract: The present disclosure provides for systems and methods for detecting a modification of a web resource. An exemplary method comprises generating a script for verifying the integrity of the web resource, wherein the script is a description of the process of calculating characteristics of objects of that web resource, embedding the script in the web resource, receiving a convolution of the web resource after execution, generating an image of the web resource on the basis of the at least one calculated convolution, the image of the web resource being a vector representation of the content of the web resource and making, by a processor, a decision as to the modification of the web resource on the basis of the determined characteristics of modification of the web resource.

Abstract: Disclosed are systems and methods of identifying a new device during a user's interaction with online services, such as banking services. In one aspect, a method is provided comprising collecting fingerprint for a device associated with a user, isolating, from the fingerprint, one or more key characteristics of the device which affect device security, performing clustering of previously known devices used by the user based on the one or more key characteristics, computing a difference between the one or more key characteristics of the device and one or more key characteristics of one or more devices which the user previously used to access an online service, wherein the one or more devices are from among the clustering of previously known devices and determining that the device is a new device used by the user when the difference exceeds a threshold value.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes: collecting user behavior data during the user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: Disclosed are systems and methods for identifying potentially dangerous devices during the interaction of a user with banking services. When there are interactions between a user's device(s) and banking services, the described technique acquires a digital fingerprint of the user device. That digital fingerprint indicates at least one characteristic of the user device. Clusters associated with the user device are created based on the at least one characteristic of the user device. Each cluster is associated with a corresponding threat degree. In response to determining that the user device is a threat risk based on the one or more generated clusters, transactions being carried out between the user device and the banking services may be blocked.

Abstract: Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes collecting user behavior data during the user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: Disclosed are system and method for detecting fraudulent activity in user transactions. An exemplary method comprising: collecting user behavior data during user's interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Abstract: System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.

Abstract: Disclosed system and methods for detecting spam using shingles. An example system identifies in a received message one or more insignificant text portions based on a text pattern database storing defined insignificant text patterns not containing spam; removes at least a portion of the one or more identified insignificant text portions from the message to generate an abridged and canonized message; generates a set of shingles from the abridged and canonized message; identifies in the set of shingles one or more shingles based on a shingles database storing defined insignificant shingles that occur only in messages not containing spam; removes one or more identified shingles from the set of shingles to generate a reduced set of shingles upon detecting the one or more identified shingles matching at least one of the defined insignificant shingles; and determines whether the received message contains spam based on the reduced set of shingles.

Abstract: System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.

Abstract: System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.

Abstract: Disclosed system and methods for detecting spam using shingles. An example system identifies in a received message one or more insignificant text portions based on a text pattern database storing defined insignificant text patterns not containing spam; removes at least a portion of the one or more identified insignificant text portions from the message to generate an abridged and canonized message; generates a set of shingles from the abridged and canonized message; identifies in the set of shingles one or more shingles based on a shingles database storing defined insignificant shingles that occur only in messages not containing spam; removes one or more identified shingles from the set of shingles to generate a reduced set of shingles upon detecting the one or more identified shingles matching at least one of the defined insignificant shingles; and determines whether the received message contains spam based on the reduced set of shingles.

Abstract: Disclosed system and methods for detecting spam using shingles. In one aspect, the system receives an electronic message including at least a text portion. The system identifies in the received message insignificant text portions. The system then removes identified insignificant text portions to generate an abridged message. The system then generates a set of shingles from the abridged message. The system then indentifies in the generated set of shingles one or more shingles that occur only in messages not containing spam. The system then removes one or more identified shingles from the generated set of shingles to generate a reduced set of shingles. The system then performs spam filtering of the reduced set of shingles to determine whether the received message contains spam.