Patent attributes
In an embodiment, the disclosed technologies include extracting, from a link contained in an electronic message received from an upstream device on a network, first unit-level input data of a first semantic type and second unit-level input data of a second semantic type; in response to inputting the first and second unit-level input data into first and second deep learning models, respectively, outputting, by the first and second deep learning models, first and second unit-level classification data that corresponds to the first and second unit-level input data, respectively, the first deep learning model having been trained to recognize, in unit-level data of the first semantic type, first patterns of syntactic features and semantic features that are predictive of phishing and the second deep learning model having been trained to recognize, in unit-level data of the second semantic type, second patterns of syntactic features and semantic features that are predictive of phishing; combining the first and second unit-level classification data with at least one numeric feature that has been extracted from context data to produce link-level input data; in response to inputting the link-level input data into a third deep learning model, outputting, by the third deep learning model, link-level classification data, the third deep learning model having been trained to recognize patterns of syntactic features and semantic features and numeric features that are predictive of phishing; in response to the link-level classification data matching a criterion, causing the network to modify, delay, or block transmission of the electronic message to a downstream device.
