JP2024537659A - Machine learning based system and method using URL feature hashing, HTML encoding, and content page embedded images to detect phishing websites - Google Patents

Abstract

A phishing classifier is disclosed for classifying URLs and content pages as phishing or not, comprising a URL feature hasher that parses and hashes URLs into feature hashes, and a headless browser that visits and internally renders the pages of the URLs, extracts HTML tokens, and captures an image of the rendering. Also disclosed is a phishing classifier for classifying URLs and content pages accessed via the URLs as phishing or not, comprising a URL feature hasher that parses and hashes URLs into feature hashes, and a headless browser that visits and internally renders the pages of the URLs, extracts words from the rendering, and captures an image of the pages. Classifying URLs and content pages accessed via the URLs as phishing or not is further disclosed. In addition to one or more of the disclosures, there is a phishing classification layer, a URL embedder, and an HTML encoder.
[Selection diagram] None

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application claims priority to and the benefit of:

U.S. Application No. 17/475,236, entitled "A Machine Learning-Based System for Detecting Phishing Websites Using the URLs, Word encodings and Images of Content Pages," filed on September 14, 2021, which is now U.S. Patent No. 11,444,978 (Attorney Docket No. NSKO1052-1), issued on September 13, 2022; and

U.S. Application No. 17/475,233, entitled "Detecting Phishing Websites via a Machine Learning-Based System Using URL Feature Hashes, HTML Encodings and Embedded Images of Content Pages," filed September 14, 2021, which is now U.S. Patent No. 11,336,689 (Attorney Docket No. NSKO1060-1), issued May 17, 2022; and

U.S. Application No. 17/475,230, entitled "Machine Learning-Based Systems and Methods of Using URLs and HTML Encodings for Detecting Phishing Websites," filed on September 14, 2021, which is now U.S. Patent No. 11,438,377, issued on September 6, 2022 (Attorney Docket No. NSKO1061-1).

RELATED CASES This application is also related to the following applications, which are incorporated by reference for all purposes as if fully set forth herein:

U.S. Application No. 17/390,803 entitled "Preventing Cloud-Based Phishing Attacks Using Shared Documents with Malicious Links" filed on July 30, 2021 (Attorney Docket No. 1037-2), which is a continuation of U.S. Application No. 17/154,978 entitled "Preventing Phishing Attacks Via Document Sharing" filed on January 21, 2021, which is now U.S. Application No. 11,082,445 issued on August 3, 2021 (Attorney Docket No. NSKO1037-1).

INCORPORATION The following materials are incorporated by reference in this application.
“KDE Hyper Parameter Determination,” Yi Zhang et al. , Netskop, Inc. ,
U.S. Non-provisional Application No. 15/256,483, entitled “Machine Learning Based Anomaly Detection,” filed September 2, 2016 (Attorney Docket No. NSKO1004-2) (now U.S. Pat. No. 10,270,788, issued April 23, 2019);
U.S. Non-provisional Application No. 16/389,861, entitled “Machine Learning Based Anomaly Detection,” filed April 19, 2019 (Attorney Docket No. NSKO1004-3) (now U.S. Pat. No. 11,025,653, issued June 1, 2021);
U.S. Non-provisional Application No. 14/198,508, entitled “Security For Network Delivered Services,” filed March 05, 2014 (Attorney Docket No. NSKO1000-3) (now U.S. Pat. No. 9,270,765, issued February 23, 2016);
No. 15/368,240 (Attorney Docket No. NSKO1003-2), filed December 2, 2016 (now U.S. Pat. No. 10,826,940, issued November 3, 2020), entitled “Systems and Methods of Enforcing Multi-Part Policies on Data-Deficient Transactions of Cloud Computing Services” and U.S. Pat. No. 62/307,305 (Attorney Docket No. NSKO1003-1), entitled "Transactions of Cloud Computing Services";
“Cloud Security for Dummies, Netskope Special Edition” by Cheng, Ithal, Narayanaswamy, and Malmskog, John Wiley & Sons, Inc. 2015;
“Netskope Introspection” by Netskop, Inc. ;
“Data Loss Prevention and Monitoring in the Cloud” by Netskop, Inc. ;
“The 5 Steps to Cloud Confidence” by Netskope, Inc. ;
“Netskope Active Cloud DLP” by Netskope, Inc. ;
"Repave the Cloud-Data Breach Collision Course" by Netskope, Inc., and "Netskope Cloud Confidence Index™" by Netskope, Inc.

The disclosed technology relates generally to cloud-based security, and more specifically to systems and methods for detecting phishing websites using URLs, word encodings, and images of content pages. Also disclosed are methods and systems for using URL feature hashes, HTML encodings, and embedded images of content pages. The disclosed technology further relates to detecting phishing in real-time via URL links and downloaded HTML through machine learning and statistical analysis.

The subject matter discussed in this section should not be assumed to be prior art merely as a result of its mention in this section. Similarly, it should not be assumed that the problems mentioned in this section, or related to the subject matter provided as background, have been previously recognized in the prior art. The subject matter in this section merely represents different approaches and may, as such, correspond to implementation aspects of the claimed technology.

Phishing, sometimes called spearhead phishing, is on the rise. National news has been punctuated by exploits of documents obtained using passwords stolen through phishing. Typically, emails contain legitimate-looking links that lead to legitimate-looking pages where users enter their passwords, exposing them to a phishing attack. Cleaver phishing sites, such as credit card skimmers or gas pump or ATM sims, can forward the entered password to a real website, taking it out of the way so that users do not detect the password theft when it occurs. Work-from-home efforts in recent years have led to a significant increase in phishing attacks.

The term phishing refers to several methods for fraudulently obtaining confidential information from unsuspecting users over the web. Phishing stems, in part, from the use of increasingly sophisticated lures to elicit confidential company information. These methods are commonly referred to as phishing attacks. Website users fall victim to phishing attacks when the rendered web page mimics the appearance of a legitimate login page. Victims of phishing attacks are lured to fraudulent websites, resulting in the disclosure of confidential information such as bank account, login passwords, and social security IDs.

Recent data breach investigation reports indicate that there is a growing trend of large-scale attacks based on social engineering. This can be attributed in part to the increasing difficulty of exploits and in part to the use of advances in machine learning (ML) algorithms to prevent and detect such exploits. Phishing attacks are therefore becoming more frequent and sophisticated. New defensive solutions are needed.

Using ML/DL, an opportunity arises to classify URLs and content pages accessed via the URL as phishing or not phishing. There is also an opportunity to classify URLs and HTML accessed and downloaded via the URL links as phishing or not phishing in real time.

In the drawings, like reference characters generally refer to like parts throughout the different views. Also, the drawings are not necessarily to scale, with emphasis instead generally being placed upon illustrating the principles of the disclosed technology. In the following description, various implementations of the disclosed technology are described with reference to the following drawings:

According to an implementation of the disclosed technology, an architecture level schematic diagram of a system illustrates classifying URLs and content pages accessed via the URLs as phishing or non-phishing. 1 illustrates a high-level block diagram of the disclosed phishing detection engine that utilizes ML/DL encoding of URL feature hashes, encoding of natural language (NL) words, and encoding of captured website images to detect phishing sites. 1 illustrates an exemplary ResNet residual CNN block diagram for image classification for reference. FIG. 1 illustrates a high-level block diagram of the disclosed phishing detection engine, where each example URL uses ML/DL with URL feature hashing with ground truth classification as phishing or not phishing, encoding of HTML extracted from the content page, and embedding of an image captured from the example URL's content page to detect phishing sites. 1 illustrates a block diagram of a reference residual neural network (ResNet) that is pre-trained for image classification prior to use in a phishing detection engine. 6 illustrates a high level block diagram of the disclosed phishing detection engine 602 utilizing ML/DL with URL embedder and HTML encoder. 1 shows precision-recall graphs for several of the disclosed phishing detection systems. 1 illustrates an exemplary Receiver Operating Characteristic Curve (ROC) of the disclosed system for phishing website detection described herein. 1 illustrates an example Receiver Operating Characteristic Curve (ROC) for phishing website detection of the disclosed phishing detection engine utilizing ML/DL with URL embedder and HTML encoder. FIG. 1 illustrates a block diagram of the functionality of a one-dimensional 1D convolutional neural network (Conv1D) URL embedder that generates URL embeddings using C++ code expressed in the Open Neural Network Exchange (ONNX) format. 1 shows a block diagram of the functionality of the disclosed html encoder, which results in html encoding that is input to a phishing classifier layer. 1 shows a schematic block diagram of the disclosed html encoder, which provides the html encoding that is input to the phishing classifier layer. 6 illustrates, with C++ code expressed in Open Neural Network Exchange (ONNX) format, a computational dataflow graph of the functionality of the html encoder that results in an html encoding that is input to the phishing classifier layer 675. A section of the dataflow graph is shown in two columns separated by a dotted line, with connectors at the bottom of the left column flowing into the top of the right column, illustrating the input encoding and positional embedding. 6 illustrates a computational dataflow graph of the functionality of the html encoder, using C++ code expressed in Open Neural Network Exchange (ONNX) format, resulting in html encoding input to the phishing classifier layer 675. FIG. 7 illustrates a single iteration of multi-headed attention, showing an example of a dataflow graph with computational nodes that asynchronously transmit data along data connections. 6 illustrates, together with a computational dataflow graph of the functionality of the html encoder using C++ code expressed in Open Neural Network Exchange (ONNX) format, resulting in an html encoding that is input to the phishing classifier layer 675. The summation, normalization, and feedforward functionality using ONNX operations is illustrated using three columns separated by dotted lines. 1 illustrates a computational data flow graph of the disclosed phishing classifier layer functionality, using code expressed in Open Neural Network Exchange (ONNX) format, which generates a likelihood score(s) signaling how likely a particular website is to be a phishing website. FIG. 1 is a simplified block diagram of a computer system that may be used to classify a URL and a content page accessed via the URL as phishing or non-phishing, according to one implementation of the disclosed technology.

The following detailed description is provided with reference to the drawings. Sample implementations are described to illustrate the disclosed technology, but not to limit its scope as defined by the claims. The discussion is presented to enable those skilled in the art to make and use the disclosed technology, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other implementations and applications without departing from the spirit and scope of the invention. Thus, the disclosed technology is not intended to be limited to the implementations shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

The problem addressed by the disclosed technology is the detection of phishing websites. Security departments attempt to catalog phishing campaigns as they occur. Security vendors rely on lists of phishing websites to power their security engines. Both proprietary and open source sources are available to catalog phishing links. Two open source community examples of phishing Universal Resource Locator (URL) lists are PhishTank and OpenPhish. Security departments use the lists to analyze malicious links and generate signatures from malicious URLs. Signatures are used to detect malicious links, typically by matching part or all of the URL or a compact hash of it. Generalization from signatures has become the primary approach to thwart zero-day phishing attacks that hackers can use to attack systems. Zero-day refers to a recently discovered security vulnerability that a vendor or developer has just learned about and has zero days to fix.

To avoid getting caught, phishing campaigns may end before the website of the phishing link can be analyzed. The website can be taken down by the phisher as soon as it is listed by security departments. Analysis of collected URLs is more likely to persist than tracing malicious URLs to active phishing sites. Sites disappear as suddenly as they appeared. Due in part to disappearing sites, state of the art technology has become URL analysis.

The disclosed technology applies machine learning/deep learning (ML/DL) to phishing detection with very low false positive rates and good recall. Three transfer learning techniques are presented, based on text/image analysis and based on HTML analysis.

In the first technique, we use transfer learning by leveraging a new deep learning architecture for multilingual natural language understanding and computer vision to embed the textual and visual content of web pages. The first generation of applying ML/DL to phishing detection uses concatenated embeddings of web page text and web page images. We use transfer learning from general training on text and image embeddings to train a detection classifier that uses the model's encoder function, such as the Bidirectional Encoder Representation (BERT) from Transformer and the decoder function of a Residual Neural Network (ResNet). Because it is trained on a large amount of data, the final layer of such a model serves as a reliable encoding for the visual and textual content of a web page. Care is taken to reduce false positives, since benign, non-phishing links are much more abundant than phishing sites, and blocking non-phishing links is a nuisance.

The second technique for applying ML/DL to phishing detection creates a new encoder-decoder pair that counter-intuitively decodes HTML embeddings to replicate the browser's rendering to the display. Embeddings are of course information-lossy; the decoding is much less accurate than what the browser achieves. The encoder-decoder approach to embedding HTML code facilitates transfer learning. Once the encoder is trained to embed HTML, a classifier replaces the decoder. Embedding-based transfer learning uses a relatively small training corpus and is practical. Currently, it has been proven that as few as 20k or 40k examples of phishing pages are sufficient to train a classifier with two fully connected layers that process embeddings. The second generation embeddings of HTML can be augmented by concatenating other embeddings, such as ResNet image embeddings, URL feature embeddings, or both ResNet image embeddings and URL feature embeddings.

However, the scale of new URLs can prevent real-time detection of web pages that use these contents due to the high computational complexity of deep learning architectures and the rendering and parsing times of web page content.

The third generation of applying ML/DL to phishing detection uses a URL embedder, HTML encoder, and phishing classifier layer to classify URLs and content pages accessed through the URLs as phishing or not, and can react in real-time when malicious web pages are detected. This third technique effectively filters suspicious URLs without the need to visit the website and uses faster trained models. Suspicious URLs can also be routed later to the first or second techniques for final detection.

Next, we describe an exemplary system for detecting phishing via URL links and downloaded HTML in offline mode and in real time.

Architecture Figure 1 shows an architecture level schematic diagram of a system 100 for detecting phishing via URL links and downloaded HTML. System 100 also includes functionality for detecting phishing via redirected or hidden URL links and downloaded HTML in real time. Because Figure 1 is an architecture diagram, some details have been intentionally omitted for greater clarity. The description of Figure 1 is structured as follows: First, the elements of the diagram are described, followed by a description of their interconnections. Next, the use of the elements in the system is described in more detail.

FIG. 1 includes a system 100 that includes an endpoint 166. The user endpoint 166 may include devices such as a computer 174, a smartphone 176, and a computer tablet 178 that provide access to and interaction with data stored on the cloud-based store 136 and the cloud-based services 138. In another organizational network, organizational users may utilize additional devices. An inline proxy 144 is interposed between the user endpoint 166 and the cloud-based services 138 through a network 155, and in particular through a network security system 112 that includes a network administrator 122, a network policy 132, a rating engine 152, and a data store 164. The inline proxy 144 is accessible through the network 155 as part of the network security system 112. The inline proxy 144 provides monitoring and control of traffic between the user endpoint 166, the cloud-based store 136, and other cloud-based services 138. The inline proxy 144 has an active scanner 154 that collects HTML and web page snapshots and stores the data set in a data store 164. If features can be extracted from traffic in real time and snapshots are not collected from live traffic, active scanner 154 is not required to crawl web page content of URLs as in third generation systems that apply ML/DL for phishing detection. Three ML/DL systems for detecting phishing websites are described in detail below. Inline proxy 144 monitors network traffic between user endpoints 166 and cloud-based services 138 to enforce network security policies, including data loss prevention (DLP) policies and protocols, among others. Evaluation engine 152 checks database records for URLs deemed malicious through disclosed detection of phishing websites, and these phishing URLs are automatically and permanently blocked.

To detect phishing in real-time via URL links and downloaded HTML, an in-line proxy 144 positioned between the user endpoint 166 and the cloud-based storage platform inspects incoming traffic and forwards it to a phishing detection engine 202, 404, 602 described below. The in-line proxy 144 may be configured to sandbox the content corresponding to the link and inspect/probe the link to ensure that the page pointed to by the URL is safe before allowing the user to access the page through the proxy. Links identified as malicious may then be quarantined and inspected for threats utilizing known techniques, including secure sandboxing.

Continuing with the description of FIG. 1, the cloud-based services 138 include cloud-based hosting services, web email services, video, messaging, and voice calling services, streaming services, file transfer services, and cloud-based storage services. The network security system 112 connects to the user endpoints 166 and the cloud-based services 138 via a public network 155. The data store 164 stores a list of malicious links and signatures from malicious URLs. The signatures are typically used to detect malicious links by matching a portion or all of the URL, or a compact hash thereof, and the data store 164 stores information from one or more tenants in tables of a common database image to form an on-demand database service (ODDS), which may be implemented in many ways, such as a multi-tenant database system (MTDS). The database image may include one or more database objects. In other implementations, the database may be a relational database management system (RDBMS), an object-oriented database management system (OODBMS), a distributed file system (DFS), a no-schema database, or any other data storage system or computing device. In some implementations, the collected metadata is processed and/or normalized. In some cases, the metadata includes structured data and functionality is targeted to a particular data structure provided by cloud-based services 138. Unstructured data, such as free text, may also be provided by cloud-based services 138 and targeted back to cloud-based services 138. Both structured and unstructured data can be stored in semi-structured data formats, such as JSON (Javascript Object Notation), BSON (binary JSON), XML, Protobuf, Avro, or Thrift objects, which consist of string fields (or columns) and corresponding values of potentially different types, such as numbers, strings, arrays, objects, etc. In other implementations, JSON objects can be nested and fields can be multi-valued, e.g., arrays, nested arrays, etc. These JSON objects are stored in a schemaless or NoSQL key-value metadata store 178, such as Apache Cassandra™, Google's Bigtable™, HBase™, Voldemort™, CouchDB™, MongoDB™, Redis™, Riak™, Neo4j™, etc., which uses SQL database-like keyspaces to store the parsed JSON objects. Each keyspace is divided into column families, which are similar to tables and consist of a set of rows and columns.

Continuing with the description of FIG. 1, the system 100 can include any number of cloud-based services 138, namely, point-to-point streaming services, host services, cloud applications, cloud stores, cloud collaboration and messaging platforms, and cloud customer relationship management (CRM) platforms. The services can include peer-to-peer file sharing (P2P) via protocols for portal traffic such as BitTorrent (BT), User Datagram Protocol (UDP) streaming and File Transfer Protocol (FTP), and voice, video and messaging multimedia communication sessions such as instant messages over Internet Protocol (IP) and mobile phone calling over LTE (VoLTE) via Session Initiation Protocol (SIP) and Skype. The services can handle Internet traffic, cloud application data, and generic routing encapsulation (GRE) data. The network services or applications can be web-based (e.g., accessed via a Uniform Resource Locator (URL)) or native, such as a sync client. Examples include software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) offerings, as well as internal enterprise applications exposed via URLs. Examples of common cloud-based services today include Salesforce.com™, Box™, Dropbox™, Google Apps™, Amazon AWS™, Microsoft Office 365™, Workday™, Oracle on Demand™, Taleo™, Yammer™, Jive™, and Concur™.

In interconnecting the elements of the system 100, the network 155 communicatively couples computers, tablets and mobile devices, cloud-based hosting services, web email services, video, messaging and voice calling services, streaming services, file transfer services, cloud-based storage services 136, and the network security system 112. The communication paths can be point-to-point over public and/or private networks. Communications can occur over a variety of networks, e.g., private networks, VPNs, MPLS circuits, or the Internet, and can use appropriate application program interfaces (APIs) and data exchange formats, e.g., REST, JSON, XML, SOAP, and/or JMS. All communications can be encrypted. This communication is generally over networks such as local area networks (LANs), wide area networks (WANs), telephone networks (public switched telephone networks (PSTN)), session initiation protocol (SIP), wireless networks, point-to-point networks, star networks, token ring networks, hub networks, and the Internet, including mobile Internet, via protocols such as EDGE, 3G, 4G LTE, Wi-Fi, and WiMAX. In addition, various authorization and authentication technologies, such as username/password, OAuth, Kerberos, SecureID, digital certificates, and the like, may be used to secure the communication.

Continuing with the description of the system architecture of FIG. 1, the network security system 112 includes a data store 164 that can include one or more computers and computer systems coupled to communicate with each other. They can also be one or more virtual computing and/or storage resources. For example, the network security system 112 can be one or more Amazon EC2 instances, and the data store 164 can be Amazon S3™ storage. Rather than implementing the network security system 112 directly on a physical computer or traditional virtual machine, other computing-as-a-service platforms such as Salesforce's Rackspace, Heroku, or Force.com can be used. In addition, one or more engines can be used and one or more points of presence (POPs) can be established to implement the security functions. The engines or system components of FIG. 1 are implemented by software running on various types of computing devices. Exemplary devices are workstations, servers, computing clusters, blade servers, and server farms, or any other data processing system or computing device. The engine can be communicatively coupled to the database via different network connections.

While system 100 is described herein with reference to particular blocks, it should be understood that the blocks are defined for convenience of description and are not intended to require a particular physical arrangement of components. Moreover, the blocks need not correspond to physically separate components. To the extent that physically separate components are used, connections between the components can be wired and/or wireless as appropriate. Different elements or components can be combined into a single software module, and multiple software modules can execute on the same processor.

Despite the best attempts of malicious actors, the content and appearance of phishing websites provide features that the disclosed deep learning models can exploit to reliably detect phishing websites. In the disclosed system described next, we use transfer learning by leveraging a novel deep learning architecture for multilingual natural language understanding and computer vision to embed the textual and visual content of web pages.

2 illustrates a high-level block diagram 200 of the disclosed phishing detection engine 202 that utilizes ML/DL with URL feature hashes, natural language (NL) word encodings, and embeddings of captured website images to detect phishing sites. The disclosed phishing classifier layer 275 generates a likelihood score 285 that represents how likely a particular website is to be a phishing website. In one embodiment, the phishing detection engine 202 utilizes a multilingual bidirectional encoder representation from a transformer (BERT) model supporting over 100 languages as the encoder 264 and a residual neural network for images (ResNet50) as the embedder 256. The URL feature hashes 242, word encodings 265, and image embeddings 257 are then passed to the neural network phishing classifier layer 275 for final training and inference, as described below.

An encoder can be trained by pairing an encoder and a decoder. The encoder and decoder can be trained to compress the input into an embedding space and then reconstruct the input from the embedding. Once the encoder is trained, it can be reused as described herein. The phishing classifier layer 275 utilizes URL feature hashes 242 of the URL n-grams, word encodings 265 of words extracted from the content page, and image embeddings 257 of images captured from the content page 216 at the URL 214 web address.

In one embodiment, phishing detection engine 202 utilizes feature hashes of web page content and security information present in response headers to supplement the features available on both benign and phishing web pages. The content is expressed in JavaScript in one implementation. In another embodiment, a different language such as Python can be used. URL feature hasher 222 receives URL 214, parses the URL into features, and hashes the features to generate URL feature hashes 242, providing dimensionality reduction of the URL n-gram. An example of domain features for a URL with headers + security information is listed below:
“scanned_url”: [
“http://alfabeek.com/”
］,
“header”: {
“date”:”Tue, 02 Mar 2021 15:30:27 GMT”,
“server”:”Apache”,
“last-modified”:”Tue,08 Sep 2020 02:09:49 GMT”,
“accept-ranges”: “bytes”,
“vary”:”Accept-Encoding”,
“content-encoding”: “gzip”,
“content-length”:”23859”,
“content-type”:”text/html”},
“security_info”: [
{
“_subjectName”:”alfabeek.com”,
“_issuer”: “Sectigo RSA Domain Validation Secure Server CA”,
“_validFrom”:1583107200,
“_validTo”:1614729599,
“_protocol”:”TLS 1.3”,
“_sanList”: [
“alfabeek.com”,
“www.alfabeek.com”
］

Continuing with FIG. 2, the headless browser 226 is configured to access content at URLs, internally render the content page, extract words from the rendering of the content page, and capture images of at least a portion of the rendering of the content page. The headless browser 226 receives the URL 214, which is the web address of the content page 216, and extracts words from the content page 216. The headless browser 226 provides the extracted words 246 to a natural language encoder 264, which generates an encoding from the extracted words: word encoding 265 of block diagram 200. The natural language (NL) encoder 264 is pre-trained on natural language and generates encodings of the words extracted from the content page. The encoder 264 utilizes, in an exemplary embodiment, a standard encoder, BERT for natural language. The encoder embeds inputs that the encoder processes in a relatively low-dimensional embedding space. BERT embeds natural language passages in an embedding space of 400-800 dimensions. The Transformer logic accepts natural language input and, in one example, generates a 768-dimensional vector that encodes and embeds the input. The dashed block contour of the pre-trained decoder 266 is distinguished as pre-trained, i.e., the BERT is trained before being used to detect phishing of the URL 214. The encoder 264 generates word encodings 265 of words extracted from the content page being screened for use by the phishing classifier layer 275 to detect phishing. Different implementations may utilize different ML/DL encoders, such as a universal sentence encoder. Different embodiments may utilize a long short-term memory (LSTM) model.

Continuing with FIG. 2, the headless browser 226 receives the URL 214, which is the web address of the content page 216, and captures an image of the web page by mimicking an actual user visiting the web page and taking a snapshot of the rendered web page. The headless browser 226 takes the snapshot and provides the captured image 248 to an image embedder 256, which is pre-trained on images, to generate an embedding of the captured image from the content page. Image embedding can increase efficiency and improve phishing detection for obfuscated cases. The embedder 256 encodes the captured image 248 as an image embedding 257. In one embodiment, the embedder 256 utilizes a standard embedder, a residual neural network (ResNet50), with a pre-trained classifier 258 on images. Different implementations may utilize image embedders pre-trained with different ML/DLs, such as Inception-v3, VGG-16, ResNet34, or ResNet-101. Continuing with the exemplary embodiment, ResNet50 embeds an image, such as an RGB 224x224 pixel image, and generates a 248-dimensional embedding vector that maps the image into an embedding space that is much more compact than the original input. The pre-trained ResNet50 embedder 256 generates image embeddings 257 of snapshots of the content pages being screened, which are used to detect phishing websites.

The phishing classifier layer 275 of the disclosed phishing detection engine 202 is trained on URL feature hashes, encodings of words extracted from content pages, and embeddings of image captures from content pages of example URLs, with each example URL accompanied by a ground truth classification as phishing or not phishing. The phishing classifier layer 275 processes the URL feature hashes, word encodings, and image embeddings to generate at least one likelihood score representing the phishing risk of the URL and the content accessed via the URL. The likelihood score 285 represents how likely it is that a particular website is a phishing website. In one embodiment, the input size to the phishing classifier layer 275 is 2048+768+1024, the output of the BERT is 768, the ResNet50 embedding size is 2048, and the size of the feature hash over the n-gram of the URL is 1024. The phishing detection engine 202 is well suited for semantically meaningful detection of phishing websites, regardless of the language of the phishing website. The disclosed near real-time crawling pipeline rapidly captures new suspicious webpage content before they are neutralized, thus addressing the short lifecycle nature of phishing attacks, which helps accumulate larger training datasets for continuous retraining of a given deep learning architecture.

Figure 3 illustrates a block diagram of a Reference Bidirectional Encoder Representation (BERT) from a Transformer that may be utilized for natural language classification of words extracted from web content pages, as described in connection with the block diagram shown in Figure 2 above.

The second system for applying ML/DL to phishing detection utilizes image transfer learning and also uses generative pre-training (GPT) to learn HTML embeddings. This addresses the problem of having a limited phishing dataset and also provides a better representation of the HTML content. Unlike the first approach, there is no need for BERT text encoding. The HTML embedding network learns to represent the entire multimodal content of the HTML content (text, JS, CSS, etc.) by a vector of 256 numbers. The theoretical foundations of this HTML embedding network are presented in "Open AI Generative Pretraining From Pixels" in the proceedings of the 37th International Conference on Machine Learning, PMLR 119:1691-1703, 2020.

Figure 4 illustrates a high level block diagram 400 of the disclosed phishing detection engine 402, where each exemplary URL uses ML/DL with URL feature hashing with ground truth classification as phishing or not phishing, encoding of HTML extracted from the content page, and embedding of an image captured from the exemplary URL's content page to detect phishing sites. The disclosed phishing classifier layer 475 generates at least one likelihood score 485 that the URL and the content accessed via the URL presents a phishing risk.

The phishing detection engine 402 uses a URL feature hasher 422 that parses the URL 414 into features and hashes the features to generate URL feature hashes 442, resulting in dimensionality reduction of the URL n-gram. An example of domain features for a URL with header + security information is listed above.

The headless browser 426 extracts HTML tokens 446 and provides them to the HTML encoder 464. The phishing detection engine 202 utilizes the disclosed HTML encoder 464 and is trained on the HTML tokens 446 extracted from the content page of the exemplary URL 416, encoded, and then decoded to recreate the captured image from the rendering of the content page. The dashed lines distinguish the dashed block contour of the generative training decoder 466 that generates the rendered image of the page from the encoder embedding from subsequent processing of the active URL, including the dashed lines from the captured image 448. Learning the data distribution P(X) is highly beneficial for the subsequent supervised modeling of P(X|Y), where Y is the binary class of phishing and non-phishing, and X is the HTML content. The HTML encoder 464 is pre-trained using generative pre-training (GPT), in which unsupervised pre-training over large amounts of unsupervised data is utilized to learn a data distribution P(X) for subsequent supervised decision making with P(Y|X). Once the HTML encoder 464 is trained, it can be reused. The HTML encoder 464 generates an HTML encoding 465 of the HTML tokens 446 extracted from the content page 416.

The HTML is tokenized based on the rules, and the HTML tokens 446 are passed to the HTML encoder 464. Community examples of phishing URL lists, open source, collaborative clearinghouses of phishing data and information on the Internet include PhishTank, OpenPhish, MalwarePatrole, and Kaspersky, which serve as sources of HTML files that have been identified as phishing websites. Negative samples that do not contain phishing balance the dataset in proportions that represent the current trends of phishing websites. The HTML encoder 464 is trained using a large unlabeled dataset of HTML and page snapshots collected by the in-house active scanner 154. Website users fall victim to attacks, especially when malicious rendered pages mimic the appearance of legitimate login pages, so the training goal is to force the HTML encoder to learn to represent HTML content in terms of rendered images of these pages.

For training, the HTML encoder 464 is initialized with random initial parameters and parameters of HTML. In one embodiment, 700K HTML files in the data store 164 were scanned and the resulting extraction of the top 10K tokens representing content pages was used to configure the phishing detection engine 402 for classification that does not suffer from a significant number of false positive results. In one exemplary content page, 800 valid tokens were extracted. In another example, 2K valid tokens were recognized, and in a third example, approximately 1K tokens were collected.

In another embodiment, an HTML parser can be used to extract HTML tokens from a content page accessed via a URL. Both the headless browser and the HTML parser can be configured to extract HTML tokens that belong to a predefined token vocabulary and to ignore portions of the content that do not belong to the predefined token vocabulary. In one embodiment, the phishing detection engine 402 includes a headless browser configured to extract for generation of an HTML encoding of up to 64 HTML tokens. 64 is a specific, configurable system parameter. The extraction can take up to 10 milliseconds to render in some cases. In another embodiment, the headless browser can be configured to extract for generation of an HTML encoding of up to 128, 256, 1024, or 4096 HTML tokens. The use of more tokens slows down training. Implementations of up to 2k tokens have been achieved. Training can be used to learn what ordering patterns of HTML tokens result in a particular page view. The mathematical approximation can be used to learn what distribution of tokens should be used later for better classification.

Continuing with FIG. 4, the image embedder pre-trained on images generates an image embedding of the captured image from the content page. The pre-trained embedder coefficients allow for near real-time, cost-effective embedding. The headless browser 426 is configured to access the content of the URL and render the content page internally. The headless browser 226 receives the URL 414, which is the web address of the content page 416, and captures an image of the web page by mimicking a real user visiting the web page and taking a snapshot of the rendered web page. The headless browser 426 takes the snapshot and provides the captured image 448 to the rendered image embedder 456 pre-trained on images, which generates an embedding of the captured image from the content page. Image embedding can increase efficiency and improve phishing detection, which is particularly useful for obfuscated cases. The embedder 456 encodes the captured image 448 as an image embedding 457. In one embodiment, the rendered image embedder 456 utilizes a standard embedder, a residual neural network (ResNet50), with a pre-trained classifier 458 for the image. Different implementations can utilize image embedders pre-trained with different ML/DLs, such as Inception-v3, VGG-16, ResNet34, or ResNet-101. Continuing with the exemplary embodiment, ResNet50 embeds an image, such as an RGB 224x224 pixel image, and generates a 2048-dimensional embedding vector that maps the image into an embedding space that is much more compact than the original input. The pre-trained ResNet50 embedder 456 generates image embeddings 457 for images captured from content pages to be used to detect phishing websites. The URL feature hash 442, HTML encoding 465, and image embedding 457 are passed to a neural network phishing classifier layer 475 for final training and inference, as described below. In one embodiment, the input size of the final classifier is 2048 (ResNet50 embedding size) + 256 (HTML encoder encoding size) + 1024 (size of feature hash over n-grams of URL). New phishing websites are submitted hourly by the security team in one production system. In one exemplary phishing website, the HTML script starts, then a blank section is detected, then the HTML script ends. The disclosed technology supports timely detection of new phishing websites.

The phishing classifier layer 475 of the disclosed phishing detection engine 402 is trained on the URL feature hashes, HTML encodings of HTML tokens extracted from the content pages, and captured image embeddings from the content pages of example URLs, with each example URL accompanied by a ground truth 472 classification as phishing or not phishing. After training, the phishing classifier layer 275 processes the URL feature hashes 442, HTML encodings 465, and image embeddings 457 to generate at least one likelihood score 485 that the URL and the content accessed via this URL 414 presents a phishing risk. The likelihood score 485 represents how likely it is that the URL and the content accessed via this URL presents a phishing risk. Below we list example pseudocode for training models for classification loss, clf loss, binary phishing or not, and Gen_loss, the difference between what the classifier expects to see and what it sees.
def training_step(self, batch, batch_idx):
html_tokens, snapshot, label, resnet_embed, domain_features = batch
# Tuning and Classification if self. classify:
Embedding, logits=self.gpt(x,classify=True)
gen_loss = self. Criterion (logits, y)
clf_logits = self. concat_layer(torch.cat([embedding, resnet_embed, domain_features], dim=1))
clf_loss = self. clf_criterion(clf_logits, label)
# Joint loss for classification loss = clf_loss + gen_loss
#Generate pretraining else:
generated_img = self. gpt(html_tokens)
loss = self. criteria(generated_img, snapshot)

Figure 5 illustrates a block diagram of a reference residual neural network (ResNet) that is pre-trained for image classification prior to use in the phishing detection engine 402.

In inline phishing, since the web page is rendered user-side at the user endpoint 166, a snapshot of the page is not available, so ResNet is not utilized and the phishing detection classifier does not have access to the header information of the content page. Next, a disclosed classifier system is described that utilizes the URL and HTML tokens extracted from the page to classify the URL and the content page accessed via the URL as phishing or not. This third system is particularly useful in production environments where access to a snapshot of the visited content and to the header information is not available, and can operate in real time in network security systems.

Another disclosed classifier system applies ML/DL to a snapshot of the visited content and when access to header information is not available to classify a URL and the content accessed via the URL as phishing or not. FIG. 6 illustrates a high level block diagram 600 of a disclosed phishing detection engine 602 that utilizes ML/DL with a URL embedder and HTML encoder. The HTML encoding is extracted from the content page pointed to by the URL. The disclosed phishing classifier layer 675 generates at least one likelihood score 685 that the URL and the content accessed via the URL presents a phishing risk.

The phishing detection engine 602 uses a URL link sequence extractor 622 that extracts characters in a predefined character set from a URL 614 to generate a URL character sequence 642. A one-dimensional 1D convolutional neural network (Conv1D) URL embedder 652 generates a URL embedding 653. Before being used for classification, the URL embedder 652 and URL classifier 654 are trained using example URLs with ground truth 632 that classify URLs as phishing or non-phishing. The dashed block outline of the trained URL classifier 654 distinguishes training from subsequent processing of active URLs. During training of the URL embedder 652, differences are backpropagated past the phishing classifier layer to the embedding layer used to generate the URL embedding.

Continuing with the description of the system 600 illustrated in FIG. 6, the phishing detection engine 602 also utilizes the disclosed HTML encoder 664, which is trained using HTML tokens 646 parsed by the HTML parser 636 from the content page at the exemplary URL 616, encoded, and then decoded to recreate the image captured from the rendering of the content page. Parsing extracts meaning from the available metadata. In one implementation, tokenization operates as the first step of parsing to identify HTML tokens in the stream of metadata, and parsing then proceeds to use the context in which the tokens are found to determine the meaning and/or type of information being referenced. The HTML encoder 664 generates an HTML encoding 665 of the HTML tokens 646 extracted from the content page 616.

During training, the headless browser 628 captures an image of the URL's content page for use in pre-training. The dashed line from the captured image 648 to the dashed block outline of the generative training decoder 668, which generates the rendered image of the page from the encoder embedding, distinguishes training from subsequent processing of the active URL. For training, the HTML encoder 664 is initialized with random initial parameters and parameters of HTML. The HTML encoder 664 is pre-trained using generative pre-training, where unsupervised pre-training over a large amount of unsupervised data is utilized to learn the data distribution P(X) for subsequent supervised decision making with P(Y|X). Once the HTML encoder 664 is trained, it is reused for use in production. During the training of the encoder 664, the differences of the encoding layers used to generate the HTML encodings are back-propagated across the phishing classifier layers. In one embodiment, the training data includes 206,224 benign pages and 69,808 phishing pages.

Continuing with the description of the system 600, the phishing classifier layer 675 is trained on the URL embeddings and HTML encodings of example URLs, with each example URL accompanied by a ground truth classification 632 as phishing or not phishing. During training of the URL embedder 652, the encoding layer differences used to generate the URL embeddings 653 are backpropagated beyond the phishing classifier layer. That is, once the HTML encoder 664 is pre-trained, the URL embedding 653 network, along with the rest of the network (classification layer 675 and the fine-tuning step of the HTML encoder 654), is trained with the loss function and the help of URL examples with ground truth 632 for the input information.

After training, the phishing classifier layer 675 processes the concatenated input of the URL embeddings 653 and the HTML encodings 665 to generate at least one likelihood score that the URL and the content accessed via the URL present a phishing risk. The phishing detection engine 602 applies the phishing classifier layer 675 to the concatenated input of the URL embeddings and the HTML encodings to generate at least one likelihood score 685 that the URL and the content accessed via the URL present a phishing risk.

The HTML parser 636 extracts HTML tokens from the content page accessed via the URL. In one example, the HTML parser 636 can be configured to extract HTML tokens from the content that belong to a predetermined token vocabulary and ignore parts of the content that do not belong to the predetermined token vocabulary, such as line breaks and line feeds. In one embodiment, in training to determine the number of HTML tokens to specify to train the HTML encoder 664, a scan of 700K HTML files in the data store 164 and the resulting extraction of the top 10K tokens representing the content page was used to configure the phishing detection engine 602 for classification that does not suffer from a significant number of false positive results. In one exemplary content page, 800 valid tokens were extracted, in another example, 2K valid tokens were recognized, and in a third example, approximately 1K tokens were collected. Training is used to learn which ordering patterns of HTML tokens result in a particular content page.

For real-time phishing detection systems utilizing an inline implementation, care is taken to minimize the size of the vocabulary for speed considerations. For the phishing detection engine 602, in one embodiment, the HTML parser 636 is configured to extract for generation of an HTML encoding of up to 64 HTML tokens. Different implementations may utilize different numbers of HTML encodings. In another embodiment, the headless browser may be configured to extract for generation of an HTML encoding of up to 128, 256, 1024, or 4096 HTML tokens.

Phishing patterns are constantly evolving and it is often difficult for detection methods to achieve a high true positive rate (TPR) while maintaining a low false positive rate (FPR). A precision-recall curve shows the relationship between precision (= positive predictive value) and recall (= sensitivity) for possible cutoffs.

Figure 7 shows a precision recall graph for several of the disclosed phishing detection systems. Of interest is the precision of the results near the top of the graph, where precision is close to 1.000, due to the requirement for few false positive detections. The curve with HTML+URL+header content is represented by the dotted line 746. Snapshot(ResNet)+BERT, represented as the curve with long dashes 736, is more precise than HTML+URL+header content, and Snapshot, represented as the solid curve 726, is the most precise phishing technique. BERT is computationally expensive, and the graph shows that BERT is not required to obtain precise phishing detection results.

FIG. 8 illustrates a receiver operating characteristic curve (ROC) for phishing website detection as described above. The ROC curve is a plot of true positive rate (TPR) as a function of false positive rate (FPR) at various threshold settings. The area of interest is the area under the curve with a very low FPR, since false positive identification of a content page as a phishing website is not sustainable. The ROC curve is useful for comparing systems for detecting phishing websites as described above. For the phishing detection engine 202, the ROC curve illustrated with +Snapshot+Bert836 and long dashes shows the results of a system that utilizes ML/DL with URL feature hash, encoding of NL words, and embedding of captured website images. In a second system, the phishing detection engine 402 utilizes ML/DL with URL feature hash, encoding of HTML tokens extracted from the content page, and embedding of images captured from the content page to detect phishing sites. The curve labeled +Snapshot 826 shows a higher system accuracy with fewer false positives than the HTML-URL-Header 846, whose curve is illustrated with dots.

Continuing with the description of the ROC curves in FIG. 8 with different combinations of features including multilingual Bert embeddings, the comparison illustrates that text embeddings such as BERT can in some cases impair the effectiveness of the model due to the fact that the HTML encoder already takes into account the text content, and as a result, including more text encodings can lead to overfitting to the text of the HTML page. +Snapshot 826 has higher accuracy and leads to the lowest number of FPs in production. Furthermore, the version of the model without image embeddings results in a system that can bypass the active scanner/headless browser functionality in environments such as runtime environments where snapshots are not available. In one example, running a headless browser may be too expensive and unscalable for the vast number of URLs faced in production environments. Furthermore, an attacker can avoid detection in such environments.

Figure 9 illustrates a receiver operating characteristic curve (ROC) for phishing website detection of the phishing detection engine 602 using ML/DL with URL embedder and HTML encoder. The ROC curve 936 is a plot of true positive rate (TPR) as a function of false positive rate (FPR) at various threshold settings. The ROC curve 936 illustrates that the phishing detection engine 602 has a higher true positive rate than the phishing detection system whose ROC curve is shown in Figure 8.

The URL embedder 652 and the html encoder 664 of the phishing detection engine 602 comprise high-level programs with irregular memory access patterns or data-dependent flow control. The high-level programs are source codes written in programming languages such as C, C++, Java, Python, and Spatial. The high-level programs can implement the computational structures and algorithms of machine learning models such as AlexNet, VGG Net, GoogleNet, ResNet, ResNeXt, RCNN, YOLO, SqueezeNet, SegNet, GAN, BERT, ELMo, USE, Transformer, and Transformer-XL. In one example, the high-level programs can implement a convolutional neural network with several processing layers, such that each processing layer can include one or more nested loops. The high-level program may perform occasional memory operations that involve accessing inputs and weights and performing matrix multiplication between the inputs and weights. The high-level program may include nested loops with high iteration counts and loop bodies that load and multiply input values from a previous processing layer with the weights of the subsequent processing layer to generate the output of the subsequent processing layer. The high-level program may have loop-level parallelism in the outermost loop body and may exploit this using coarse-grained pipelining. The high-level program may have instruction-level parallelism in the innermost loop body and may exploit this using loop unrolling, single instruction, multiple data (SIMD) vectorization, and pipelining.

Figure 10 illustrates a computational data flow graph of the functionality of a one-dimensional 1D convolutional neural network (Conv1D) URL embedder 652 that generates a URL embedding 653 using C++ code expressed in Open Neural Network Exchange (ONNX) format. The URL input is the first 100 characters of the URL 1014, which in one exemplary embodiment uses one-hot encoding and results in a convolution block 1024 (like a sliding window, kernel size = 7) with weights 256 x 56 x 7, generating a binary output of multi-dimensional features. The output 1064 with dimensions 1 x 32 x 8 (1 x 256) represents the final URL embedding 653 generated as input to the phishing classifier layer 675.

Figure 11 shows a block diagram of the disclosed html encoder 664, which generates html encodings 665 as input to the phishing classifier layer 675. The HTML encoder architecture is pre-trained with the help of a convolutional decoder that reconstructs the images seen in the training data. The decoder is typically a convolutional neural network (CNN). Training forces the HTML encoder to learn to represent HTML content in terms of their rendered images, thus skipping irrelevant parts of the HTML. This training is tailored to the way phishing attacks are launched: as long as the rendered pages continue to mimic the appearance of legitimate pages, users will fall victim to them. We now provide an overview of the functionality of the blocks. Input Embedding 1112 takes the 64 HTML tokens extracted by HTML Parser 636 as described above and maps the HTML tokens to a vocabulary. Positional Encoding 1122 adds contextual information for the vector of HTML tokens. Multi-head Attention 1132 generates multiple self-attention vectors to identify which elements of the input to focus on. Abstract Vectors Q, K, and V extract different components of the input and map them to attention. The attention vectors are used to compute the attention vector. The multiple attention vectors represent the relationships between the HTML vectors. Multi-head attention 1132 is repeated four times in the illustrated computational data flow graph described with respect to Figures 12A-12D below, which represents second-order multi-head attention. In different embodiments, the number of heads can be doubled or even larger. Multi-head attention 1132 passes the attention vectors, one vector at a time, to the feed-forward network 1162, which transforms the vectors of the next block. Each block ends with an addition and normalization operation, indicated by addition and normalization 1172, to smooth and normalize the layer across each feature, compressing the HTML representation to 256 numbers that recreate the images seen in the training data. The output represents the final HTML encoding 665 produced as a 256-number input to the phishing classifier layer 675.

12A shows a schematic block diagram of the disclosed html encoder 664, which results in an html encoding 665 that is input to the phishing classifier layer 675. Input encoding and position embedding 1205 is described in connection with FIG. 11 above, and a detailed ONNX listing is illustrated in FIG. 12B. Multi-head attention 1225 is described in connection with FIG. 11 above, and FIG. 12C shows a detailed ONNX image with inputs from the input encoding and position embedding shown as inputs to the operator schema for implementing the blocks from FIG. 12B. Addition and normalization and feedforward 1245 is also described in connection with FIG. 11, with a detailed ONNX listing in FIG. 12D. FIG. 12A also includes a Reduce Mean 1265 operator that reduces the dimensionality of the input tensor, and calculates the mean of the elements of the input tensor along a provided axis. The HTML encoding 665 output is a 1x256 vector 1285 that is generated and mapped as an input to the phishing classifier layer 675. The details of the inputs, outputs, and operations performed for the ONNX operator are well known to those skilled in the art.

12B, 12C, and 12D together illustrate a computational data flow graph of the functionality of html encoder 664, using C++ code expressed in Open Neural Network Exchange (ONNX) format, resulting in html encoding 665 that is input to phishing classifier layer 675. In alternative embodiments, the ONNX code can express a different programming language.

Figure 12B shows a section of the dataflow graph in two columns separated by a dotted line, with connectors at the bottom of the left column flowing into the top of the right column. The results at the bottom of the right column of Figure 12B flow into Figures 12C and 12D. Figure 12B illustrates input encoding and positional embedding, as indicated by the gather operator 1264. For the input embedding 1112, the gather block gathers data of dimensions 64x256 1264.

12C illustrates a single iteration of multi-head attention 1225, showing an example of a dataflow graph with computational nodes asynchronously transmitting data along data connections. The dataflow graph represents the so-called multi-head attention module of the Transformer model. In one embodiment, the dataflow graph shows multiple loops executed in parallel as separate processing pipelines to process input tensors across multiple processing pipelines, with loop nesting arranged in a hierarchy of levels such that the second level loop is within the first level loop, with gather and uncompress and concatenate operations. The gather operations (three in all) refer to the use of query, key, and value vectors in the multi-head attention layer. In this disclosed example model, two heads were utilized, resulting in a concatenation operation on each of these vectors. In the illustrated embodiment, the respective outputs of each of the processing pipelines are concatenated to produce concatenated outputs A2, B2, C2, D2. As illustrated by A2, B2, C2, and D2 in the bottom of FIG. 12C and the top of FIG. 12D, the outputs from the multi-head attention functionality flow into summation and normalization and feedforward.

12D illustrates the summation and normalization and feedforward 1245 functionality using the ONNX operation. FIG. 12D is illustrated using three columns separated by dotted lines, with the connector at the bottom of the left column flowing into the top of the center column, and the connector at the bottom of the center column flowing into the operation in the right column. The output of the multi-head attention (shown in FIG. 12C) flows into the summation and normalization and feedforward operation, and the softmax operation 1232 transforms and normalizes the input vector into a probability distribution that flows into the matrix multiplier MatMul 1242. The output of the summation and normalization and feedforward 1245, Ax, Bx, Cx, Dx (shown in the lower right corner of FIG. 12D), flows into the reduced mean 1265 operator (FIG. 12A). The reduced mean 1265 operator reduces the dimensionality of the input tensor (Ax, Bx, Cx, Dx) and calculates the average of the elements of the input tensor along the axes provided. The output of HTML encoding 665 is a 1x256 vector 1285.

Figure 13 illustrates a computational data flow graph of the functionality of the phishing classifier layer 675, which generates likelihood score(s) 685 that represent how likely a particular website is to be a phishing website, with C++ code expressed in Open Neural Network Exchange (ONNX) format. The input 1314 to the phishing classifier layer 675 of size 1x512 is formed by concatenating a URL embedding and an HTML encoding. The two concatenated vectors are the 1x256 vector HTML encoding and the URL embedding with dimensions 1x32x8 (1x256), as explained earlier. Batch normalization 1324, as applied to the activations of the previous layer, standardizes the inputs and accelerates training. The operators GEneral Matrix Multiplication (GEMM) 1346, 1366 represent linear algebra routines that are basic operators in DL. The output 1374 of the final two-layer feedforward classifier of size 1×2 is the likelihood that a web page is a phishing site and the likelihood that a web page is not a phishing site for classifying the site as phishing or not.

Computer System Figure 14 is a simplified block diagram of a computer system 1000 that may be used to classify URLs and content pages accessed via the URLs as phishing or non-phishing. The computer system 1400 includes at least one central processing unit (CPU) 1472 that communicates with some peripheral devices via a bus subsystem 1455, and a network security system 112 for providing the network security services described herein. These peripheral devices may include, for example, a storage subsystem 1410 including memory devices and a file storage subsystem 1436, a user interface input device 1438, a user interface output device 1476, and a network interface subsystem 1474. The input and output devices enable user interaction with the computer system 1400. The network interface subsystem 1474 provides an interface to external networks, including interfaces to corresponding interface devices in other computer systems.

In one implementation, the cloud-based security system 153 of FIG. 1 is communicatively linked to the storage subsystem 1410 and the user interface input device 1438.

User interface input devices 1438 may include pointing devices such as keyboards, mice, trackballs, touchpads, or graphic tablets, scanners, touch screens integrated into displays, audio input devices such as voice recognition systems and microphones, and other types of input devices. In general, use of the term "input device" is intended to include all possible types of devices and methods for inputting information into computer system 1400.

The user interface output devices 1476 may include a display subsystem, a printer, a fax machine, or a non-visual display such as an audio output device. The display subsystem may include a flat panel device such as an LED display, a cathode ray tube (CRT), a liquid crystal display (LCD), a projection device, or some other mechanism for creating a visible image. The display subsystem may also provide a non-visual display such as an audio output device. In general, use of the term "output device" is intended to include all possible types of devices and methods for outputting information from the computer system 1400 to a user or to another machine or computer system.

Storage subsystem 1410 stores programming and data structures that provide some or all of the functionality of the modules and methods described herein. Subsystem 1478 may be a graphics processing unit (GPU) or a field programmable gate array (FPGA).

The memory subsystem 1422 used within the storage subsystem 1410 may include some memory, including a main random access memory (RAM) 1432 for storing instructions and data during program execution, and a read-only memory (ROM) 1434 in which fixed instructions are stored. The file storage subsystem 1436 may provide persistent storage for program and data files and may include a hard disk drive, a floppy disk drive with associated removable media, a CD-ROM drive, an optical drive, or a removable media cartridge. Modules implementing the functionality of a particular implementation may be stored by the file storage subsystem 1436, within the storage subsystem 1410, or within another machine accessible by the processor.

Bus subsystem 1455 provides a mechanism for allowing the various components and subsystems of computer system 1400 to communicate with each other as intended. Although bus subsystem 1455 is shown generally as a single bus, alternative implementations of the bus subsystem may use multiple buses.

The computer system 1400 itself can be of various types, including a personal computer, a portable computer, a workstation, a computer terminal, a network computer, a television, a mainframe, a server farm, a widely distributed set of loosely networked computers, or any other data processing system or user device. Due to the ever-changing nature of computers and networks, the description of the computer system 1400 shown in FIG. 14 is intended only as a specific example to illustrate a preferred embodiment of the invention. Many other configurations of computer system 1400 are possible, having more or fewer components than the computer system shown in FIG. 14.

Specific Implementations Several specific implementations and features for classifying URLs, and content accessed via those URLs, as phishing or non-phishing are described in the following discussion.

In one disclosed implementation, a phishing classifier that classifies a URL and content accessed via the URL as phishing or non-phishing includes a URL feature hasher that parses the URL into features and hashes the features to generate a URL feature hash, and a headless browser configured to extract words from a rendered content page and capture an image of at least a portion of the rendered content page. The disclosed implementation also includes a natural language encoder that generates word encodings of the extracted words, an image embedder that generates image embeddings of the captured image, and a phishing classifier layer that processes the concatenated input of the URL feature hash, the word encoding, and the image embedding to generate at least one likelihood score that the URL and content accessed via the URL presents a phishing risk.

In another disclosed implementation, a phishing classifier that classifies a URL and content accessed via the URL as phishing or non-phishing includes a URL feature hasher that parses the URL into features and hashes the features to generate a URL feature hash, and a headless browser configured to access the content of the URL to internally render a content page, extract words from the rendering of the content page, and capture an image of at least a portion of the rendering of the content page. The disclosed implementation also includes a natural language encoder pre-trained on natural language that generates word encodings of the words extracted from the content page, and an image embedder pre-trained on images that generates image embeddings of the images captured from the content page. The implementation further includes a phishing classifier layer, trained on the URL feature hashes, word encodings, and image embeddings of the example URL with each example URL having a ground truth classification as phishing or not phishing, that processes the concatenated input of the URL feature hashes, word encodings, and image embeddings of the URL to generate at least one likelihood score that the URL and the content accessed via the URL present a phishing risk.

In some disclosed implementations of the phishing classifier, the natural language encoder is one of Bidirectional Encoder Representation (abbreviated BERT) and Universal Sentence Encoder from Transformer. The image embedder is one of Residual Neural Network (abbreviated ResNet), Inception-v3, and VGG-16.

In one implementation, a disclosed computer-implemented method for classifying a URL and content accessed via the URL as phishing or non-phishing includes applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash. The disclosed method also includes applying a pre-trained natural language encoder for the natural language to generate word encodings of words parsed from a rendering of the content, and applying a pre-trained image encoder for the image to generate image embeddings of images captured from at least a portion of the rendering. The disclosed method further includes applying a phishing classifier layer trained on a concatenation of the URL feature hashes, word encodings, and image embeddings of an example URL with a ground truth classification as phishing or non-phishing, and processing the URL feature hashes, word encodings, and image embeddings to generate at least one likelihood score that the URL and content accessed via the URL presents a phishing risk.

The methods described in this and other sections of the disclosed technology may include one or more of the following features and/or features described in connection with the additional methods disclosed. For brevity, combinations of features disclosed in this application are not individually recited and are not repeated with each base set of features. The reader will understand how features identified in this method can be readily combined with the set of base features identified as implementation aspects.

A disclosed computer-implemented method further includes applying a headless browser to access the content via a URL and internally render the content, parsing words from the rendered content, and capturing an image of at least a portion of the rendered content.

One embodiment of the disclosed computer-implemented method includes a natural language encoder as one of Bidirectional Encoder Representation (BERT) from Transformer and Universal Sentence Encoder. Some embodiments of the disclosed computer-implemented method also include an image embedder as one of Residual Neural Network (ResNet), Inception-v3, and VGG-16.

One disclosed computer-implemented method for training a phishing classifier layer to classify URLs and content accessed via the URLs as phishing or non-phishing includes receiving and processing URL feature hashes, word encodings of words extracted from the content pages, and image embeddings of images captured from renderings of the content for example URLs to generate at least one likelihood score that each example URL and content accessed via the URL presents a phishing risk. The method also includes calculating a difference between the likelihood score for each example URL and a corresponding ground truth that the example URL and content page are phishing or non-phishing, and using the difference for the example URLs to train coefficients of the phishing classifier layer. The method further includes storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.

The disclosed computer-implemented method further includes not backpropagating the differences beyond the phishing classifier layer to an encoding layer used to generate word encodings, and not backpropagating the differences beyond the phishing classifier layer to an embedding layer used to generate image embeddings.

The disclosed computer-implemented method also includes generating URL feature hashes for each of the example URLs, generating word encodings of words extracted from the rendering of the content page, and generating image embeddings of images captured from the rendering.

For many of the disclosed computer implementations, the disclosed method of training a phishing classifier layer to classify URLs and content accessed through the URLs as phishing or non-phishing includes generating word encodings using a Bidirectional Encoder Representation (BERT) encoder or a variant of the BERT encoder from Transformer, and generating image embeddings using one of a Residual Neural Network (ResNet), Inception-v3, and VGG-16.

In one disclosed implementation, a phishing classifier that classifies a URL and content accessed via the URL as phishing or non-phishing includes a URL feature hasher that parses the URL into features and hashes the features to generate a URL feature hash, and a headless browser configured to extract HTML tokens from a rendered content page and capture an image of at least a portion of the rendered content page. The disclosed classifier also includes an HTML encoder that generates an HTML encoding of the extracted HTML tokens, an image embedder that generates an image embedding of the captured image, and a phishing classifier layer that processes the URL feature hash, the HTML encoding, and the image embedding to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk. In some implementations, the HTML tokens belong to a recognized vocabulary of HTML tokens.

In one implementation, a disclosed phishing classifier that classifies a URL and content accessed via the URL as phishing or non-phishing includes a URL feature hasher that parses the URL into features and hashes the features to generate a URL feature hash, and a headless browser configured to access the content of the URL to internally render a content page, extract HTML tokens from the content page, and capture an image of at least a portion of the rendering of the content page. The disclosed phishing classifier also includes an HTML encoder that is trained on HTML tokens extracted from the content page of an exemplary URL, encoded, and then decoded to recreate the image captured from the rendering of the content page, and generates an HTML encoding of the HTML tokens extracted from the content page. Also included is an image embedder that is pre-trained on images and generates image embeddings of images captured from content pages, and a phishing classifier layer that is trained on the URL feature hashes, HTML encodings, and image embeddings of example URLs and processes the URL feature hashes, HTML encodings, and image embeddings of example URLs, each example URL with a ground truth classification as phishing or not phishing, to generate at least one likelihood score that the URL and the content page accessed via the URL presents a phishing risk.

Some implementations of the disclosed methods further include a headless browser configured to extract HTML tokens from the content that belong to a predefined token vocabulary and ignore portions of the content that do not belong to the predefined token vocabulary. Some disclosed implementations further include a headless browser configured to extract up to 64 HTML tokens for generation of an HTML encoding.

One implementation of the disclosed method for classifying a URL and a content page accessed via the URL as phishing or non-phishing includes applying a URL feature hasher to extract features from the URL and hashing the features to generate a URL feature hash. The method also includes applying an HTML encoder trained on natural language to generate an HTML encoding of the HTML tokens extracted from the rendered content page. The method further includes applying an image embedder, pre-trained on images, to generate an image embedding of an image captured from at least a portion of a rendered content page, and a phishing classifier layer trained on URL feature hashes, HTML encodings, and image embeddings for example URLs classified with a ground truth classification as phishing or not phishing, and processing the URL feature hashes, HTML encodings, and image embeddings of the URLs to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk. In one disclosed implementation, the method further includes applying a headless browser, accessing the content page via the URL and rendering the content page internally, parsing HTML tokens from the rendered content, and capturing an image of at least a portion of the rendered content.

Some disclosed implementations further include the headless browser parsing HTML tokens from the content that belong to a predefined token vocabulary and ignoring portions of the content that do not belong to the predefined token vocabulary. Some implementations also include the headless browser parsing up to 64 HTML tokens for generation of the HTML encoding.

One implementation of a disclosed computer-implemented method for training a phishing classifier layer to classify URLs and content accessed via the URLs as phishing or non-phishing includes receiving and processing URL feature hashes, HTML encodings of HTML tokens extracted from the content page, and image embeddings of images captured from renderings of the content page for example URLs to generate at least one likelihood score that each example URL and content accessed via the URL presents a phishing risk. The method includes calculating a difference between the likelihood score for each example URL and a corresponding ground truth about whether the example URL and the content page are phishing or non-phishing, using the calculated difference for the example URLs to train coefficients of the phishing classifier layer, and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.

Some implementations of the disclosed methods include backpropagating the differences beyond the phishing classifier layer to an encoding layer used to generate the HTML encoding. Some implementations further include not backpropagating the differences beyond the phishing classifier layer to an embedding layer used to generate the image embeddings.

Some implementations also include generating URL feature hashes for each of the example URLs, generating an HTML encoding of the HTML tokens extracted from the rendering of the content page, and generating an image embedding of the image captured from the rendering. Some implementations further include training an HTML encoder-decoder for a second example URL to generate an HTML encoding using the HTML tokens extracted from the content page of the second example URL, encoded, and then decoded to recreate the image captured from the content page of the second example URL. Some implementations of the disclosed method also include generating an image embedding using a ResNet embedder or a variant of a ResNet embedder pre-trained to embed the image in an embedding space.

One implementation of the disclosed phishing classifier that classifies a URL and a content page accessed via the URL as phishing or non-phishing includes an input processor that accepts a URL for classification, a URL embedder that generates a URL embedding for the URL, an HTML parser that extracts HTML tokens from the content page accessed via the URL, an HTML encoder that generates an HTML encoding from the HTML tokens, and a phishing classifier layer that operates on the URL embedding and HTML encoding to classify the URL and the content accessed via the URL as phishing or non-phishing.

Some implementations of the disclosed phishing classifier also include a URL embedder that extracts characters in a predefined character set from the URL to generate a string and is trained using a ground truth classification of the URL as phishing or non-phishing to generate a URL embedding. The classifier further includes an HTML parser configured to access the content of the URL and extract HTML tokens from the content page. Also included is a disclosed HTML encoder, where each example URL is trained on HTML tokens extracted from the content page of the example URL along with a ground truth image captured from the content page accessed via the example URL, generating an HTML encoding of the HTML tokens extracted from the content page; and a phishing classifier layer, where each example URL is trained on the URL embeddings and HTML encoding of the example URL along with a ground truth classification as phishing or not phishing, processing the concatenated input of the URL embeddings and HTML encoding to generate at least one likelihood score that the URL and the content accessed via the URL present a phishing risk.

For some implementations of the disclosed phishing classifiers, the input processor accepts URLs for classification in real time. In many implementations of the disclosed phishing classifiers, the phishing classifier layer operates to classify URLs and content accessed via the URLs as phishing or non-phishing in real time. In some implementations, the disclosed phishing classifiers may further include an HTML parser configured to extract HTML tokens from a content page that belong to a predefined token vocabulary and ignore portions of the content page that do not belong to the predefined token vocabulary, and may further include an HTML parser configured to extract up to 64 HTML tokens for generation of an HTML encoding.

One implementation of the disclosed computer-implemented method of classifying a URL and content accessed via the URL as phishing or non-phishing includes applying a URL embedder that extracts characters in a predefined character set from the URL to generate a string to generate a URL embedding, and trains and uses a ground truth classification of the URL as phishing or non-phishing to generate the URL embedding. The method also includes applying an HTML parser to access the content of the URL and extract HTML tokens from the content page, applying an HTML encoder to generate an HTML encoding of the extracted HTML tokens, and applying a phishing classifier layer to the concatenated input of the URL embedding and the HTML encoding to generate at least one likelihood score that the URL and the content accessed via the URL presents a phishing risk. Some implementations may also include an HTML parser that extracts HTML tokens from the content page that belong to a predefined token vocabulary and ignores portions of the content page that do not belong to the predefined token vocabulary, and may further include an HTML parser that extracts for generation of an HTML encoding of up to 64 HTML tokens. The disclosed method may also include applying the URL embedder, HTML parser, HTML encoder, and phishing classifier layer in real time. In some cases, the phishing classifier layer operates to generate at least one likelihood score that the URL and the content accessed via the URL present a phishing risk in real time.

One implementation aspect of the disclosed computer-implemented method for training a phishing classifier layer to classify URLs and content pages accessed via the URLs as phishing or non-phishing includes receiving and processing URL embeddings of characters extracted from the URLs and HTML encodings of HTML tokens extracted from the content pages for example URLs and content pages accessed via the URLs to generate at least one likelihood score that each example URL and content page accessed via the URL presents a phishing risk. The disclosed method also includes calculating the difference between the likelihood score for each example URL and each corresponding ground truth that the example URL and content page is phishing or non-phishing, using the difference for the example URLs to train coefficients of a phishing classifier layer, and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.

Some implementations of the disclosed method further include applying a headless browser, accessing the content of the URL to internally render the content page, and capturing an image of at least a portion of the content page. The disclosed method may further include backpropagating the difference beyond the phishing classifier layer to an encoding layer used to generate the HTML encoding, and may further include backpropagating the difference beyond the phishing classifier layer to an embedding layer used to generate the URL embedding.

Some implementations of the disclosed method further include generating a URL embedding of characters extracted from the exemplary URL, generating an HTML encoding of HTML tokens extracted from the content page accessed via the exemplary URL, and generating an image embedding of an image captured from the rendering.

Some implementations of the disclosed method further include training an HTML encoder-decoder to generate an HTML encoding for the second exemplary URL using HTML tokens extracted from the content page of the second exemplary URL, encoded, and then decoded to recreate an image captured from the content page of the second exemplary URL. The disclosed method may further include extracting HTML tokens from the content page that belong to a predetermined token vocabulary and ignoring portions of the content page that do not belong to the predetermined token vocabulary. The method may also include limiting the extraction to a predetermined number of HTML tokens and may further include generating an HTML encoding of up to 64 HTML tokens.

Other implementations of the methods described in this section may include a tangible, non-transitory computer-readable storage medium characterized by computer program instructions that, when executed on a processor, cause the processor to perform any of the methods described above. Yet another implementation of the methods described in this section may include a device including a memory and one or more processors operable to execute computer instructions stored in the memory to perform any of the methods described above.

Any data structures and code described or referenced above are, according to many implementations, stored on a computer-readable storage medium, which may be any device or medium capable of storing code and/or data for use by a computer system. This includes, but is not limited to, volatile memory, non-volatile memory, application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), magnetic and optical storage devices such as disk drives, magnetic tape, compact discs (CDs), digital versatile discs (DVDs) or digital video discs (DVDs), or other media capable of storing computer-readable media now known or hereafter developed.

The foregoing description is presented to enable making and using the disclosed technology. Various modifications to the disclosed implementations will become apparent, and the general principles defined herein may be applied to other implementations and applications without departing from the spirit and scope of the disclosed technology. Thus, the disclosed technology is not intended to be limited to the implementations shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein. The scope of the disclosed technology is defined by the appended claims.

Provisions The following provisions are disclosed:

Clause Set 1
1. A phishing classifier that classifies URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
a URL feature hasher that parses a URL into features and hashes the features to generate a URL feature hash;
Access the content page at the URL and render the content page internally,
Extract words from content page renderings,
a headless browser configured to capture an image of at least a portion of a rendering of a content page;
a natural language encoder that is pre-trained on a natural language and that generates word encodings of words extracted from the content pages;
an image embedder that is pre-trained on images and that generates image embeddings of images captured from the content pages;
Trained on URL feature hashes, word encodings, and image embeddings of example URLs, with each example URL accompanied by a ground truth classification as phishing or non-phishing;
a phishing classifier layer that processes a concatenated input of the URL feature hashes, word encodings, and image embeddings of the URL to generate at least one likelihood score that the URL and content accessed via the URL presents a phishing risk.
2. The phishing classifier of clause 1, wherein the natural language encoder is one of: a Bidirectional Encoder Representations from Transformer (abbreviated as BERT) and a Universal Sentence Encoder.
3. The phishing classifier of claim 1, wherein the image embedder is one of: Residual Neural Network (ResNet for short), Inception-v3, and VGG-16.
4. A computer-implemented method for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying a natural language encoder that is pre-trained on a natural language and that generates word encodings for words parsed from a rendering of a content page;
applying an image encoder that is pre-trained on an image and that generates an image embedding of an image captured from at least a portion of the rendering;
applying a phishing classifier layer trained on a concatenation of URL feature hashes, word encodings, and image embeddings for example URLs with ground truth classifications as phishing or not phishing;
and processing the URL feature hashes, word encodings, and image embeddings to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk.
5. Applying headless browsers,
accessing a content page via a URL and internally rendering the content page;
Parsing words from the rendered content page;
5. The computer-implemented method of claim 4, further comprising: capturing an image of at least a portion of the rendered content page.
6. The computer-implemented method of claim 4, wherein the natural language encoder is one of: a Bidirectional Encoder Representation from Transformer (abbreviated as BERT) and a Universal Sentence Encoder.
7. The computer-implemented method of claim 4, wherein the image embedder is one of: Residual Neural Network (ResNet for short), Inception-v3, and VGG-16.
8. A non-transitory computer readable storage medium characterized by computer program instructions for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, the instructions, when executed on a processor,
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying a natural language encoder that is pre-trained on a natural language and that generates word encodings for words parsed from a rendering of a content page;
applying an image encoder that is pre-trained on an image and that generates an image embedding of an image captured from at least a portion of the rendering;
applying a phishing classifier layer trained on a concatenation of URL feature hashes, word encodings, and image embeddings for example URLs with ground truth classifications as phishing or not phishing;
1. A non-transitory computer-readable storage medium implementing a method that includes processing the URL feature hashes, word encodings, and image embeddings to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk.
9. Applying headless browsers;
accessing a content page via a URL and internally rendering the content page;
Parsing words from the rendered content page;
and capturing an image of at least a portion of the rendered content page.
10. The non-transitory computer-readable storage medium of claim 8, wherein the natural language encoder is one of a Bidirectional Encoder Representation from Transformer (abbreviated as BERT) and a Universal Sentence Encoder.
11. The non-transitory computer-readable storage medium of claim 8, wherein the image embedder is one of: Residual Neural Network (ResNet for short), Inception-v3, and VGG-16.
12. A computer-implemented method for training a phishing classifier layer to classify URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
For an exemplary URL:
receiving and processing URL feature hashes, word encodings of words extracted from the content page, and image embeddings of images captured from the rendering of the content page;
generating at least one likelihood score that each example URL and content page accessed via the URL presents a phishing risk;
Calculating the difference between the likelihood score for each example URL and each corresponding ground truth that the example URL and content page is phishing or non-phishing;
training the coefficients of a phishing classifier layer using the differences for the example URLs;
and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.
13. The computer-implemented method of clause 12, further comprising not backpropagating the differences beyond a phishing classifier layer to an encoding layer used to generate the word encodings.
14. The computer-implemented method of clause 12, further comprising not backpropagating the difference beyond the phishing classifier layer to an embedding layer used to generate the image embedding.
15. The computer-implemented method of clause 12, further including generating a URL feature hash for each example URL, generating word encodings for words extracted from the rendering of the content page, and generating image embeddings for images captured from the rendering.
16. The computer-implemented method of claim 15, further comprising generating the word encodings using a Bidirectional Encoder Representation from Ransformer (abbreviated BERT) encoder or a variant of a BERT encoder.
17. The computer-implemented method of claim 15, further comprising generating the image embeddings using one of: a Residual Neural Network (abbreviated as ResNet), Inception-v3, and VGG-16.

Clause Set 2
1. A phishing classifier that classifies URLs and content pages accessed via the URLs as phishing or non-phishing,
a URL feature hasher that parses a URL into features and hashes the features to generate a URL feature hash;
Access the content page at the URL and render the content page internally,
Extracting HTML tokens from the content page;
a headless browser configured to capture an image of at least a portion of a rendering of a content page;
an HTML encoder that is trained on HTML tokens extracted from a content page of an exemplary URL, encoded, and then decoded to recreate an image captured from a rendering of the content page, and that generates an HTML encoding of the HTML tokens extracted from the content page;
an image embedder that is pre-trained on images and that generates image embeddings of images captured from the content pages;
Trained on URL feature hashes, HTML encodings, and image embeddings of example URLs, with each example URL accompanied by a ground truth classification as phishing or non-phishing;
a phishing classifier layer that processes the URL feature hashes, HTML encoding, and image embeddings of the URL to generate at least one likelihood score that the URL and a content page accessed via the URL presents a phishing risk.
2. The phishing classifier of clause 1, further comprising a headless browser configured to extract HTML tokens from the content page that belong to a predefined token vocabulary, and to ignore portions of the content page that do not belong to the predefined token vocabulary.
3. The phishing classifier of clause 1, further comprising a headless browser configured to extract for generation an HTML encoding of up to 64 HTML tokens.
4. A computer-implemented method for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying an HTML encoder trained on a natural language to generate an HTML encoding of HTML tokens extracted from a rendered content page;
an image embedder that is pre-trained on images and that generates an image embedding for an image captured from at least a portion of a rendered content page;
applying a phishing classifier layer trained on URL feature hashes, HTML encodings, and image embeddings for example URLs classified with ground truth classifications as phishing or not phishing;
1. A computer-implemented method comprising: processing the URL feature hashes, HTML encoding, and image embedding of the URL to generate at least one likelihood score that the URL and a content page accessed via the URL present a phishing risk.
5. Applying headless browsers,
accessing a content page via a URL and internally rendering the content page;
Parsing HTML tokens from the rendered content;
5. The computer-implemented method of claim 4, further comprising: capturing an image of at least a portion of the rendered content.
6. The computer-implemented method of clause 5, further comprising the headless browser parsing HTML tokens from the content that belong to a pre-defined token vocabulary and ignoring portions of the content that do not belong to the pre-defined token vocabulary.
7. The computer-implemented method of claim 5, further comprising the headless browser parsing the up to 64 HTML tokens for generation of the HTML encoding.
8. A non-transitory computer readable storage medium characterized by computer program instructions for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, the instructions, when executed on a processor,
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying an HTML encoder trained on a natural language to generate an HTML encoding of HTML tokens extracted from a rendered content page;
applying an image embedder to generate an image embedding of the captured image from at least a portion of the rendered content;
and applying a phishing classifier layer that processes URL feature hashes, HTML encodings, and image embeddings of the URL to generate at least one likelihood score that the URL and a content page accessed via the URL presents a phishing risk.
9. When an instruction is executed on a processor:
9. The non-transitory computer-readable storage medium of claim 8, further comprising training a phishing classifier layer on URL feature hashes, HTML encodings, and image embeddings for example URLs classified with ground truth classifications as phishing or not phishing.
10. When an instruction is executed on a processor:
9. The non-transitory computer-readable storage medium of claim 8, further comprising training an HTML encoder to generate an HTML encoding of the HTML tokens extracted from the content page for the exemplary URL, encoded, and then decoded to recreate an image captured from a rendering of the content page.
11. When an instruction is executed on a processor:
9. The non-transitory computer-readable storage medium of claim 8, implementing the method, wherein the image embedder is a ResNet embedder or a variant of a ResNet embedder that is pre-trained to embed images in an embedding space.
12. When an instruction is executed on a processor:
Applying a headless browser,
accessing the content via a URL and rendering the content internally;
Parsing HTML tokens from the rendered content;
9. The non-transitory computer-readable storage medium of claim 8, further comprising: capturing an image of at least a portion of the rendered content.
13. The non-transitory computer-readable storage medium of clause 12, implementing a method wherein the instructions, when executed on a processor, further include the headless browser parsing HTML tokens from the content that belong to a pre-defined token vocabulary and ignoring portions of the content that do not belong to the pre-defined token vocabulary.
14. The non-transitory computer-readable storage medium of clause 12, wherein the instructions, when executed on a processor, implement a method further comprising the headless browser parsing up to 64 HTML tokens for generating an HTML encoding.
15. A computer-implemented method for training a phishing classifier layer to classify URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
For an exemplary URL:
receiving and processing the URL feature hashes, HTML encodings of HTML tokens extracted from the content page, and image embeddings of images captured from the rendering of the content page;
generating at least one likelihood score that each example URL and content accessed via the URL presents a phishing risk;
Calculating the difference between each example URL and each corresponding ground truth regarding whether the example URL and content page is phishing or non-phishing;
training the coefficients of a phishing classifier layer using the calculated differences for the example URLs;
and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.
16. The computer-implemented method of clause 15, further comprising backpropagating the differences beyond the phishing classifier layer to an encoding layer used to generate the HTML encoding.
17. The computer-implemented method of clause 15, further comprising not backpropagating the difference beyond the phishing classifier layer to an embedding layer used to generate the image embedding.
18. The computer-implemented method of clause 15, further including generating a URL feature hash for each example URL, generating an HTML encoding of HTML tokens extracted from the rendering of the content page, and generating image embeddings of images captured from the rendering.
19. The computer-implemented method of clause 18, further comprising training an HTML encoder-decoder to generate an HTML encoding for a second exemplary URL using HTML tokens extracted from the content page of the second exemplary URL, encoded, and then decoded to generate an image captured from the content page of the second exemplary URL.
20. The computer-implemented method of clause 19, further comprising generating the image embedding using a ResNet embedder or a variant of the ResNet embedder.

Clause Set 3
1. A phishing classifier that classifies URLs and content pages accessed via the URLs as phishing or non-phishing,
an input processor for accepting a URL for classification;
a URL embedder for generating a URL embedding for a URL;
an HTML parser that extracts HTML tokens from a content page accessed via a URL;
an HTML encoder for generating an HTML encoding from the HTML tokens;
a phishing classification layer that operates on the URL embedding and HTML encoding to classify the URL and the content accessed via the URL as phishing or non-phishing.
2. A URL embedder that extracts characters in a predefined character set from a URL to generate a string and is trained using ground truth classification of URLs as phishing or non-phishing to generate a URL embedding;
Access the content of the URL
an HTML parser configured to extract HTML tokens from a content page;
each example URL is trained on HTML tokens extracted from the example URL's content page along with a ground truth image captured from the content page accessed via the example URL;
an HTML encoder that generates an HTML encoding of the HTML tokens extracted from the content page;
trained on URL embeddings and HTML encodings of example URLs with a ground truth classification of each example URL as phishing or non-phishing;
and a phishing classifier layer that processes the concatenated input of the URL embedding and HTML encoding to generate at least one likelihood score that the URL and the content accessed via the URL present a phishing risk.
3. The phishing classifier of claim 1, wherein the input processor accepts URLs for classification in real time.
4. The phishing classifier of clause 1, wherein the phishing classifier layer operates to classify URLs and content accessed via the URLs as phishing or non-phishing in real-time.
5. The phishing classifier of clause 1, further comprising an HTML parser configured to extract HTML tokens from the content page that belong to a predefined token vocabulary, and to ignore portions of the content page that do not belong to the predefined token vocabulary.
6. The phishing classifier of claim 1, further comprising an HTML parser configured to extract for generation an HTML encoding of up to 64 HTML tokens.
7. A computer-implemented method for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
applying a URL embedder that extracts characters in a predefined character set from a URL to generate a string to generate a URL embedding, and training and using a ground truth classification of URLs as phishing or non-phishing;
applying an HTML parser to access the content of the URL and extract HTML tokens from the content page;
applying an HTML encoder to generate an HTML encoding of the extracted HTML tokens;
and applying a phishing classifier layer to a concatenated input of the URL embedding and the HTML encoding to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk.
8. The computer-implemented method of claim 7, further comprising an HTML parser that extracts HTML tokens from the content page that belong to a predefined token vocabulary and ignores portions of the content page that do not belong to the predefined token vocabulary.
9. The computer-implemented method of claim 7, further comprising the HTML parser extracting for generation an HTML encoding of up to 64 HTML tokens.
10. The computer-implemented method of clause 7, further comprising applying in real-time a URL embedder, an HTML parser, an HTML encoder, and a phishing classifier layer.
11. The computer-implemented method of clause 7, wherein the phishing classifier layer operates to generate at least one likelihood score that a URL and content accessed via the URL presents a phishing risk in real time.
12. A non-transitory computer readable storage medium characterized by computer program instructions for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, the instructions, when executed on a processor,
applying a URL embedder to extract characters in a predefined character set from the URL to generate a string to generate a URL embedding;
applying an HTML parser to extract HTML tokens from the content page;
applying an HTML encoder to generate an HTML encoding of the extracted HTML tokens;
1. A non-transitory computer-readable storage medium implementing a method that includes applying a phishing classifier layer to a concatenated input of the URL embedding and the HTML encoding to generate at least one likelihood score that the URL and content accessed via the URL present a phishing risk.
13. The non-transitory computer-readable storage medium of clause 12, implementing a method, wherein the instructions, when executed on a processor, further include an HTML parser that extracts HTML tokens from the content page that belong to a pre-defined token vocabulary and ignores portions of the content page that do not belong to the pre-defined token vocabulary.
14. The non-transitory computer-readable storage medium of clause 12, implementing a method, the instructions, when executed on a processor, further comprising: an HTML parser extracting for generation of an HTML encoding of up to 64 HTML tokens.
15. The non-transitory computer-readable storage medium of clause 12, implementing a method, the instructions, when executed on a processor, further comprising training an HTML encoder on HTML tokens extracted from content pages of example URLs, where each example URL is accompanied by a ground truth image captured from the content page accessed via the example URL.
16. The non-transitory computer-readable storage medium of clause 12, implementing a method, the instructions, when executed on a processor, further comprising training a phishing classifier layer on URL embeddings and HTML encodings of example URLs, each example URL with a ground truth classification as phishing or not phishing.
17. A computer-implemented method for training a phishing classifier layer to classify URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
For an example URL and a content page accessed via the URL:
receiving and processing the URL and the HTML encoding of the HTML tokens extracted from the content page and the URL embedding of the extracted characters;
generating at least one likelihood score that each example URL and content page accessed via the URL presents a phishing risk;
Calculating the difference between the likelihood score for each example URL and each corresponding ground truth that the example URL and content page is phishing or non-phishing;
training the coefficients of a phishing classifier layer using the differences for the example URLs;
and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing.
18. Applying a headless browser;
accessing the content of the URL and internally rendering the content page;
20. The computer-implemented method of claim 17, further comprising: capturing an image of at least a portion of the content page.
19. The computer-implemented method of clause 17, further comprising backpropagating the differences beyond the phishing classifier layer to an encoding layer used to generate the HTML encoding.
20. The computer-implemented method of clause 17, further comprising backpropagating the differences beyond the phishing classifier layer to an embedding layer used to generate URL embeddings.
21. Generating a URL embedding of characters extracted from an example URL;
20. The computer-implemented method of claim 18, further comprising: generating an HTML encoding of the HTML tokens extracted from the content page accessed via the exemplary URL; and generating an image embedding of the image captured from the rendering.
22. The computer-implemented method of clause 18, further comprising training an HTML encoder-decoder to generate HTML encoding for a second exemplary URL using HTML tokens extracted from the content page of the second exemplary URL, encoded, and then decoded to recreate the image captured from the content page of the second exemplary URL.
23. The computer-implemented method of clause 17, further comprising extracting HTML tokens from the content page that belong to a predefined token vocabulary, and ignoring portions of the content page that do not belong to the predefined token vocabulary.
24. The computer-implemented method of clause 23, further comprising limiting the extraction to a predetermined number of HTML tokens.
25. The computer-implemented method of clause 23, further comprising generating an HTML encoding of up to 64 HTML tokens.

Claims (17)

a phishing classifier for classifying a URL and a content page accessed via said URL as phishing or non-phishing,
a URL feature hasher that parses the URL into features and hashes the features to generate a URL feature hash;
Accessing the content page at the URL and internally rendering the content page;
Extracting words from the rendering of the content page;
a headless browser configured to capture an image of at least a portion of the rendering of the content page;
a natural language encoder that is pre-trained on a natural language and that generates word encodings of the words extracted from the content pages;
an image embedder that is pre-trained on images and that generates an image embedding of the image captured from the content page;
a phishing classifier layer that processes a concatenated input of the URL feature hash, the word encoding, and the image embedding of the URL to generate at least one score that indicates a phishing risk of the URL and the content accessed via the URL;
a phishing classifier, the phishing classifier layer being trained on the URL feature hashes, the word encodings, and the image embeddings of example URLs, each example URL being accompanied by a ground truth classification as either phishing or not phishing. The phishing classifier of claim 1, wherein the natural language encoder is one of a Bidirectional Encoder Representation from Transformer (abbreviated BERT) and a Universal Sentence Encoder. The phishing classifier of claim 1, wherein the image embedder is one of: Residual Neural Network (abbreviated as ResNet), Inception-v3, and VGG-16. 1. A computer-implemented method for classifying URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying a natural language encoder that is pre-trained on a natural language and that generates word encodings for words parsed from the rendering of the content page;
applying an image embedder that is pre-trained on an image and that generates an image embedding of an image captured from at least a portion of the rendering;
applying a phishing classifier layer trained on the concatenation of the URL feature hashes, the word encodings, and the image embeddings for example URLs with ground truth classifications as phishing or not phishing;
and processing a concatenated input of the URL feature hash, the word encodings, and the image embeddings to generate at least one score that indicates a phishing risk of the URL and the content accessed via the URL. Applying a headless browser,
accessing the content page via the URL and internally rendering the content page;
Parsing words from the rendered content page;
The computer-implemented method of claim 4 , further comprising: capturing an image of at least a portion of the rendered content page. The computer-implemented method of claim 4, wherein the natural language encoder is one of a Bidirectional Encoder Representation from Transformer (abbreviated BERT) and a Universal Sentence Encoder. The computer-implemented method of claim 4, wherein the image embedder is one of: Residual Neural Network (abbreviated as ResNet), Inception-v3, and VGG-16. 1. A non-transitory computer readable storage medium characterized by computer program instructions for classifying URLs and content pages accessed via said URLs as phishing or non-phishing, said instructions, when executed on a processor, comprising:
applying a URL feature hasher to extract features from the URL and hash the features to generate a URL feature hash;
applying a natural language encoder that is pre-trained on a natural language and that generates word encodings for words parsed from the rendering of the content page;
applying an image embedder that is pre-trained on an image and that generates an image embedding of an image captured from at least a portion of the rendering;
applying a phishing classifier layer trained on the concatenation of the URL feature hashes, the word encodings, and the image embeddings for example URLs with ground truth classifications as phishing or not phishing;
and processing a concatenated input of the URL feature hash, the word encodings, and the image embeddings to generate at least one score that presents a phishing risk for the URL and the content accessed via the URL. Applying a headless browser,
accessing the content page via the URL and internally rendering the content page;
Parsing words from the rendered content page;
and capturing an image of at least a portion of the rendered content page. The non-transitory computer-readable storage medium of claim 8, wherein the natural language encoder is one of a Bidirectional Encoder Representation from Transformer (abbreviated BERT) and a Universal Sentence Encoder. The non-transitory computer-readable storage medium of claim 8, wherein the image embedder is one of a residual neural network (abbreviated as ResNet), Inception-v3, and VGG-16. 1. A computer-implemented method for training a phishing classifier layer to classify URLs and content pages accessed via the URLs as phishing or non-phishing, comprising:
For an exemplary URL:
receiving and processing a concatenated input of URL feature hashes, word encodings of words extracted from the content page, and image embeddings of images captured from a rendering of the content page;
generating at least one score representing a phishing risk for each example URL and the content page accessed via said URL;
calculating a difference between the score for each example URL and each corresponding ground truth that the example URL and the content page are phishing or non-phishing;
training coefficients of the phishing classifier layer using the differences for the example URLs;
and storing the trained coefficients for use in classifying production URLs and content pages accessed via the production URLs as phishing or non-phishing. The computer-implemented method of claim 12, further comprising not backpropagating the differences beyond the phishing classifier layer to an encoding layer used to generate the word encodings. The computer-implemented method of claim 12, further comprising not backpropagating the difference beyond the phishing classifier layer to an embedding layer used to generate the image embeddings. The computer-implemented method of claim 12, further comprising: generating the URL feature hash for each of the example URLs; generating the word encodings of words extracted from the rendering of the content page; and generating the image embeddings of the images captured from the rendering. The computer-implemented method of claim 15, further comprising generating the word encodings using a Bidirectional Encoder Representation (abbreviated BERT) encoder or a variant of a BERT encoder from Transformer. 16. The computer-implemented method of claim 15, further comprising generating the image embeddings using one of: a Residual Neural Network (ResNet for short), Inception-v3, and VGG-16.

Images