| CPC H04L 63/0236 (2013.01) [G06N 20/00 (2019.01); H04L 63/0263 (2013.01); H04L 63/1416 (2013.01)] | 15 Claims |
|
1. A URL filtering system comprising: a hardware processor; and a memory accessible by the processor, the memory having stored therein at least one of programs or instructions executable by the at least one processor to cause the filtering system to perform operations comprising: receiving a URL request to access a resource associated with the URL; filtering the URL by comparing the URL to a blocklist of URLs having respective malicious resources associated to predict if a resource associated with the URL is malicious;
in response to determination that the URL does not match a URL on the blocklist and that, as such, a resource associated with the URL is not malicious, filtering the URL by applying a machine learning algorithm trained to analyze the URL using block list rules to predict whether a resource associated with the URL is malicious;
in response to determination, using the block list rules, that a resource associated with the URL is not malicious, filtering the URL by comparing at least one visual feature of a resource associated with the URL with at least one respective visual feature of known non-malicious webpages to identify similarities and/or differences to determine if a resource associated with the URL is malicious; and
in response to determination that a resource associated with the URL is malicious, generating and transmitting a URL filter determination that the resource associated with the URL is malicious and updating the blocklist to include the URL, wherein in response to determination that an amount of the similarities are below a user-defined threshold or an amount of the differences are above the user-defined threshold, the resource associated with the URL is determined to be malicious.
|