| CPC H04L 63/1483 (2013.01) [H04L 63/1416 (2013.01)] | 18 Claims |
|
1. A system comprising:
a processor; and a non-transitory memory comprising instructions that when executed by the processor, performs:
obtaining a weblink of a website of interest;
capturing a first image of the website of interest by rendering and screenshotting the website of interest;
detecting, using a machine learning model, a similarity between the first image of the website of interest and a second image of legitimate websites corresponding to a label in a database;
grabbing a first IP address of the website of interest if the similarity is detected;
comparing the first IP address of the website of interest with a database of legitimate IP addresses in at least one of a static context and a dynamic context to identify a difference; and
generating a phishing website alarm based on a presence of the difference,
wherein the machine learning model is trained using a first dataset in an image database; wherein the first dataset is expanded to a third dataset by adding a second dataset to the first dataset, the second dataset is obtained by performing augmentation and creating variations to the first dataset; and
wherein the machine learning model is retrained using the third dataset in the image database.
|