| CPC G06F 16/9566 (2019.01) [G06F 16/90344 (2019.01); G06F 18/22 (2023.01); G06N 7/01 (2023.01); H04L 63/1483 (2013.01)] | 18 Claims |
|
1. A computer-implemented method, comprising:
intercepting, at a component that is distinct from a user and adapted to be updated using feedback that is specific to the user, a request from the user for a destination specified by a uniform resource locator (URL), the intercepting occurring prior to a receipt of the request by a request resolution server;
determining, by analyzing textual content associated with the URL, a first set of match scores corresponding to a first set of probabilistic matches with entries on a list of approved URLs in the component, the match scores determined in part on similarities identified between text of the URL and text of respective URLs on the list of approved URLs;
determining whether one or more of the first set of match scores for the probabilistic matches did not reach a suspicion threshold;
determining, in response to at least one of the first set of match scores matches did not reach the suspicion threshold:
a second set of match scores based in part on similarities identified between the text of one or more substrings of the URL and the text of respective URLs on the list of approved URLs, and
a third set of match scores when the URL containing fully-qualified domain name (FQDN), where the URL string is decomposed into composite parts and a combined probabilistic string comparison to be performed; and
in response to determining that one or more of the second set of match scores for a subset of the probabilistic matches or the third set of match scores exceeds the suspicion threshold, which is indicative of a non-exact probabilistic match, sending a user notification to confirm the URL before transmitting the request to the destination, wherein the sending of the user notification is enabled to occur after analyzing the URL and the one or more substrings of the URL.
|