SYSTEM AND METHOD FOR DETECTING ANOMALIES IN DIGITAL PLATFORMS
ORDINARY APPLICATION
Published
Filed on 28 October 2024
Abstract
The present disclosure provides a system 102 and a method 500 for detecting anomalies in digital platforms. The method 500 includes receiving 502 data associated with one or more webpages, parameters associated with the webpages, and configuration information of a profile associated with the webpages and dynamically determining 504 presence of the anomalies in the webpages based on the reception of the data, the parameters, and the configuration information. Further, the method 500 includes transmitting 506 an alert signal to a device associated with a user based on the determination of the anomalies. Therefore, the system 102 and the method 200 overcome the limitations of traditional approaches by providing an integrated and scalable solution that ensures immediate response to potential threats, reducing risk of exposure to cyber-attacks.
Patent Information
Application ID | 202421082390 |
Invention Field | COMPUTER SCIENCE |
Date of Application | 28/10/2024 |
Publication Number | 48/2024 |
Inventors
Name | Address | Country | Nationality |
---|---|---|---|
SINGH, Gaganpreet | 70, Phase 2, Karnail Singh Nagar, Pakhowal Road, Ludhiana, Punjab - 141013, India. | India | India |
BALA, Anju | 70, Phase 2, Karnail Singh Nagar, Pakhowal Road, Ludhiana, Punjab - 141013, India. | India | India |
Applicants
Name | Address | Country | Nationality |
---|---|---|---|
Aaizel International Technologies Private Limited | 1009, Time Square Arcade, Opp. Rambaug, Thaltej - Shilaj Road, Thaltej, Ahmedabad, Gujarat - 380059, India. | India | India |
Specification
Description:
TECHNICAL FIELD
[001] The present disclosure relates to the field of cybersecurity systems. In particular, the present disclosure provides a system and a method for protecting digital platforms, for example, websites from sophisticated cyber threats by integrating multiple security features, including real-time website defacement detection, port scanning, and web application misconfiguration detection, thereby enhancing security posture and ensuring rapid threat response.
BACKGROUND
[002] In today's digital age, protecting digital platforms such as, but not limited to, websites and mobile applications from cyber threats is crucial. Existing systems require multiple tools for comprehensive security, leading to complexity and inefficiencies. Current solutions often fail to scale effectively for large enterprises monitoring numerous assets. Further, the lack of real-time analysis results in delayed detection and response, increasing the risk of data breaches and attacks. Additionally, ensuring compliance with industry standards is complex and often requires separate tools for different regulations. Further, current tools delay threat detection, as the current tools often fail to provide real-time alerts for website defacement and vulnerabilities, leading to delayed responses. Furthermore, fragmented security solutions necessitate multiple tools for comprehensive security, creating complexity and inefficiencies. Additionally, limited scalability in existing technologies makes it challenging for enterprises to monitor numerous digital assets. Integration with development pipelines is often lacking, hindering continuous security monitoring. Furthermore, ensuring adherence to various industry standards typically requires separate tools and manual efforts.
[003] Therefore, there is a need to address the drawbacks mentioned above and any other shortcomings, or at the very least, provide an efficient alternative to the existing methods and systems.
OBJECTS OF THE PRESENT DISCLOSURE
[004] A general object of the present disclosure is to provide an efficient and a reliable system and method that obviates at least the above-mentioned limitations of existing systems and methods in an efficient manner.
[005] An object of the present disclosure is to provide an integrated, real-time cybersecurity platform that combines advanced detection techniques with a scalable micro services architecture.
[006] An object of the present disclosure is to provide a system and a method for protecting digital platforms, for example, websites from sophisticated cyber threats, thereby enhancing security posture and ensuring rapid threat response.
[007] Another object of the present disclosure is to provide a system and a method that utilizes Artificial Intelligence (AI) techniques and Machine Learning (ML) techniques to continuously monitor a presence of change in a webpage, thereby transmitting automated alerts upon detecting anomalies.
SUMMARY
[008] Aspects of the present disclosure relate to the field of cybersecurity systems. In particular, the present disclosure provides a system and a method for protecting digital platforms from sophisticated cyber threats by integrating multiple security features, including real-time website defacement detection, port scanning, and web application misconfiguration detection, thereby enhancing security posture and ensuring rapid threat response.
[009] An aspect of the present disclosure relates to a method for detecting anomalies in digital platforms. The method includes receiving, by one or more processors associated with a system, data associated with one or more webpages, one or more parameters associated with the one or more webpages, and configuration information of a profile associated with each of the one or more webpages and dynamically determining, by the one or more processors, presence of the anomalies in the one or more webpages based on the reception of the data, the one or more parameters, and the configuration information for transmitting, by the one or more processors, an alert signal to a device associated with a user based on the determination of the anomalies.
[010] In an embodiment, for determining, by the one or more processors, the presence of the anomalies in the one or more webpages based on the reception of the data, the method may include determining, by the one or more processors, types of content associated with the received data and segregating, by the one or more processors, the types of content. Further, the method may include detecting, by the one or more processors, a presence of change in at least one type of content; and detecting, by the one or more processors, the presence of the anomalies based on the detection of the presence of change.
[011] In an embodiment, the types of content comprise at least one of: a text in the one or more webpages, an image in the one or more webpages, and a code in the one or more webpages.
[012] In an embodiment, the method may include periodically receiving, by the one or more processors, the image in the one or more webpages and determining, by the one or more processors, pixels associated with the image. Further, the method may include comparing, by the one or more processors, each pixel of the image with each reference pixel associated with a reference image and detecting, by the one or more processors, the presence of change in at least one pixel of the image for detecting, by the one or more processors, the presence of the anomalies based on the detection of the presence of change in the at least one pixel.
[013] In an embodiment, the method may include receiving the text associated with the one or more webpages and fetching information of historical events from a database associated with the system. Further, the method may include determining a pattern of the anomalies that occurred in the text based on the information of historical events and comparing the pattern of the anomalies in the text with the text associated with the one or more webpages. Further, the method may include predicting, by the one or more processors, a presence of change in the text associated with the one or more webpages using Machine Learning (ML) techniques based on the comparison.
[014] In an embodiment, the method may include determining, by the one or more processors, a digital signature for one or more webpages and periodically generating, by the one or more processors, a hash value using hashing techniques. Further, the method may include comparing, by the one or more processors, the hash value for each of the one or more webpages with the digital signature and determining, by the one or more processors, a mismatch between the hash value and the digital signature based on the comparison. Further, the method may include comparing, by the one or more processors, a code associated with the hash value and a code associated with the digital signature based on the determination of the mismatch and dynamically determining, by the one or more processors, the presence of the change in the code based on the comparison. Further, the method may include detecting, by the one or more processors, the presence of the anomalies based on the detection of the presence of change in the code.
[015] In an embodiment, the method may include monitoring, by the one or more processors, the hash value for a predefined time interval for the comparison.
[016] In an embodiment, the one or more parameters comprise at least one of: Internet Protocol (IP) addresses, subnet ranges, port identities, and a scan intensity.
[017] In an embodiment, the method may include scanning, by the one or more processors, domains associated with the one or more webpages and determining, by the one or more processors, the IP addresses corresponding to the domains based on scanning. Further, the method may include scanning, by the one or more processors, a port associated with each of the IP addresses and determining, by the one or more processors, that the IP addresses are in an active state based on scanning the port. Further, in response to determining that the IP addresses are in the active state, the method may include determining, by the one or more processors, presence of open ports. Further, the method may include segregating, by the one or more processors, each of the IP addresses based on the presence of open ports and determining, by the one or more processors, a version corresponding to each of the open ports. Further, the method may include detecting, by the one or more processors, the anomalies in the respective version and generating, by the one or more processors, a report based on the anomalies.
[018] In an embodiment, the method may include determining, by the one or more processors, that the IP addresses are in an inactive state. Further, in response to determining that the IP addresses are in the inactive state, the method may include generating, by the one or more processors, the report based on the determination of the inactive state of the IP addresses.
[019] In an embodiment, the method may include detecting, by the one or more processors, a misconfiguration in the configuration information of the profile; and determining, by the one or more processors, the anomalies based on the detection of the misconfiguration.
[020] Another aspect of the present disclosure relates to a system for detecting anomalies in digital platforms. The system includes one or more processors and a memory coupled to the one or more processors, wherein the memory comprises processor-executable instructions, which on execution, cause the one or more processors to receive data associated with one or more webpages, one or more parameters associated with the one or more webpages, and configuration information of a profile associated with each of the one or more webpages and dynamically determine presence of the anomalies in the one or more webpages based on the reception of the data, the one or more parameters, and the configuration information to transmit an alert signal to a device associated with a user based on the determination of the anomalies.
[021] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent components.
BRIEF DESCRIPTION OF THE DRAWINGS
[022] The accompanying drawings are included to provide a further understanding of the present disclosure and are incorporated in and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure and, together with the description, serve to explain the principles of the present disclosure.
[023] FIG. 1 illustrates a block diagram of an example system for detecting anomalies in digital platforms, in accordance with an embodiment of the present disclosure.
[024] FIGs. 2-4 illustrate a flow chart of an example method for detecting a presence of change in content, in accordance with an embodiment of the present disclosure.
[025] FIG. 5 illustrates a flow chart of an example method for detecting the anomalies in the digital platforms, in accordance with an embodiment of the present disclosure.
[026] FIG. 6 illustrates an exemplary computer system in which or with which embodiments of the present disclosure may be implemented.
DETAILED DESCRIPTION
[027] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present disclosures as defined by the appended claims.
[028] Embodiments explained herein relate to a cybersecurity platform. In particular, the present disclosure relates to a system and a method for protecting digital platforms, for example, websites from sophisticated cyber threats by integrating multiple security features, including real-time website defacement detection, port scanning, and web application misconfiguration detection, thereby enhancing security posture and ensuring rapid threat response. Various embodiments with respect to the present disclosure will be explained in detail with reference to FIGs. 1-6.
[029] FIG. 1 illustrates a block diagram 100 of an example system 102 for detecting anomalies in digital platforms, in accordance with an embodiment of the present disclosure.
[030] Referring to FIG. 1, the system 102 may include one or more processors 104, a memory 106, and an interface(s) 108. The one or more processors 104 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that manipulate data based on operational instructions. Among other capabilities, the one or more processor(s) 104 may be configured to fetch and execute computer-readable instructions stored in the memory 106 of the system 102. The memory 106 may store one or more computer-readable instructions or routines, which may be fetched and executed. The memory 106 may include any non-transitory storage device including, for example, volatile memory such as Random-Access Memory (RAM), or non-volatile memory such as Erasable Programmable Read-Only Memory (EPROM), flash memory, and the like.
[031] The interface(s) 108 may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and the like. The interface(s) 108 may facilitate communication of the system 102 with various devices coupled to it. The interface(s) 108 may also provide a communication pathway for one or more components of the system 102. Examples of such components include but are not limited to, processing engine(s) 110 and a database 112. The database 112 may include data that is either stored or generated as a result of functionalities implemented by any of the components of the processing engine(s) 110.
[032] In an embodiment, the processing engine(s) 110 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) 110. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) 110 may be processor executable instructions stored on a non-transitory machine-readable storage medium, and the hardware for the one or more processor(s) 104 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) 110. In such examples, the system 102 may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system 102 and the processing resource. In other examples, the processing engine(s) 110 may be implemented by an electronic circuitry. The processing engine(s) 110 may include a reception module 112, a change determination module 114, a port scanning module 116, a misconfiguration determination module 118, and other module(s) 120. The other module(s) 120 may implement functionalities that supplement applications/functions performed by the processing engine(s) 110. In an embodiment, the other module(s) 120 may include, but are not limited to, an anomalies detection module, a real-time data processing module, a Machine Learning (ML) module, and the like.
[033] In an embodiment, the reception module 112 may be configured to receive data associated with webpages, parameters associated with the webpages, and configuration information of a profile associated with the webpages. In an embodiment, for detecting a presence of the anomalies in the webpages based on the reception of the data, the reception module 112 may determine types of content associated with the received data and segregate the types of content. In an embodiment, the anomalies detection module may detect a presence of change in at least one type of content. In an embodiment, if the presence of change is detected, the anomalies detection module may detect the presence of anomalies. In an embodiment, the types of content may include, but are not limited to, a text in the webpages, an image in the webpages, and a code in the webpages.
[034] In an embodiment, for determining the presence of the anomalies in the image, the change determination module 114 may periodically receive the image in the webpages and determine pixels associated with the image. In an embodiment, the change determination module 114 may compare each pixel of the image with each reference pixel associated with a reference image and detect the presence of change in at least one pixel of the image. In an embodiment, the change determination module 114 may detect the presence of the anomalies based on the detection of the presence of change in the at least one pixel.
[035] In an embodiment, for determining the presence of the anomalies in the text, the change determination module 114 may receive the text associated with the webpages and fetch information of historical events from the database 112. Once the text is received and the information of historical events is fetched, the change determination module 114 may determine a pattern of the anomalies that occurred in the text based on the information of historical events and compare the pattern of the anomalies in the text with the text associated with the webpages. In an embodiment, the change determination module 114 may predict the presence of change in the text using ML techniques based on the comparison.
[036] In an embodiment, for determining the presence of anomalies in the code, the change determination module 114 may determine a digital signature for the webpages and periodically generate a hash value using hashing techniques. In an embodiment, the change determination module 114 may compare the hash value for each webpage with the digital signature and determine a mismatch between the hash value and the digital signature based on the comparison. In an embodiment, the change determination module 114 may compare a code associated with the hash value and a code associated with the digital signature based on the determination of the mismatch. In an embodiment, the change determination module 114 may dynamically determine the presence of the change in the code based on the comparison and detect the presence of the anomalies based on the detection of the presence of change in the code. In an embodiment, for comparing the code associated with the hash value and the code associated with the digital signature, the change determination module 114 may monitor the hash value for a predefined time interval for the comparison. For example, for website defacement detection, monitoring frequency may be set from every 1 minute to once every 24 hours, with alert sensitivity adjustable from high to low based on magnitude of changes detected.
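The hash-then-compare flow of paragraph [036], as an added illustration that is not part of the specification or the applicant's code. It assumes the "digital signature" is a stored SHA-256 digest of a trusted copy of the page; the names `Baseline`, `check_page` and the sensitivity thresholds are hypothetical, and the page sources are constructed samples.

```python
import difflib
import hashlib
import hmac
from dataclasses import dataclass

# Assumed mapping of "alert sensitivity" to the minimum fraction of changed
# lines that raises an alert (high = any change at all).
SENSITIVITY = {"high": 0.0, "medium": 0.1, "low": 0.5}


@dataclass(frozen=True)
class Baseline:
    url: str
    content: str   # trusted copy of the page source
    digest: str    # SHA-256 of the trusted copy (the reference "signature")


def fingerprint(content: str) -> str:
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def make_baseline(url: str, content: str) -> Baseline:
    return Baseline(url=url, content=content, digest=fingerprint(content))


def check_page(baseline: Baseline, current: str, sensitivity: str = "high") -> dict:
    """Cheap hash comparison first; line-level comparison only on mismatch."""
    digest = fingerprint(current)
    if hmac.compare_digest(digest, baseline.digest):
        return {"changed": False, "alert": False, "magnitude": 0.0,
                "added": [], "removed": []}

    old, new = baseline.content.splitlines(), current.splitlines()
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    added, removed = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            removed.extend(old[i1:i2])
            added.extend(new[j1:j2])

    # Magnitude of change: share of lines (old + new) that differ.
    magnitude = (len(added) + len(removed)) / max(len(old) + len(new), 1)
    return {"changed": True,
            "alert": magnitude > SENSITIVITY[sensitivity],
            "magnitude": magnitude,
            "added": added,
            "removed": removed}


# Constructed sample pages.
TRUSTED = "<html>\n<body>\n<h1>Welcome</h1>\n</body>\n</html>"
TAMPERED = "<html>\n<body>\n<h1>Defaced</h1>\n</body>\n</html>"

if __name__ == "__main__":
    base = make_baseline("https://www.example.test/", TRUSTED)
    print(check_page(base, TRUSTED))
    print(check_page(base, TAMPERED, sensitivity="high"))
    print(check_page(base, TAMPERED, sensitivity="low"))
```

A scheduler would call `check_page` at the configured monitoring interval and forward any result with `alert` set to the alerting channel.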
[037] In an embodiment, the one or more parameters may include, but are not limited to, Internet Protocol (IP) addresses, subnet ranges, port identities, and a scan intensity. In an embodiment, the port scanning module 116 may scan domains associated with the webpages and determine the IP addresses corresponding to the domains based on scanning. In an embodiment, the port scanning module 116 may scan a port associated with each of the IP addresses and determine that the IP addresses are in an active state based on scanning the port. In an embodiment, in response to determining that the IP addresses are in the active state, the port scanning module 116 may determine presence of open ports and segregate each of the IP addresses based on the presence of open ports. In an embodiment, the port scanning module 116 may determine a version corresponding to each of the open ports and detect the anomalies in the respective version to generate a report based on the anomalies. In an embodiment, if the IP addresses are in an inactive state, the port scanning module 116 may generate the report based on the determination of the inactive state of the IP addresses. By customizing these parameters, the users can tailor the port scanning process to their specific security needs, enabling more precise detection of open ports and potential security weaknesses. For example, for port scanning, the port range may vary from specific ports (e.g., 80, 443) to all ports (1-65535), and the scan intensity may be adjusted from light to exhaustive based on user preference. These ranges may be customized according to specific organizational needs and threat levels. This module should include details as per process flow.
[038] In an embodiment, the misconfiguration determination module 118 may detect a misconfiguration in the configuration information of the profile and determine the anomalies based on the detection of the misconfiguration. Further, the misconfiguration determination module 118 may validate information of a Secure Sockets Layer (SSL) and a Transport Layer Security (TLS) and determine the anomalies in the information of the SSL and the TLS. Further, the misconfiguration determination module 118 may generate a report based on the determination of the anomalies in the data of the SSL/TLS. In an embodiment, the report may include, but is not limited to, directory listings, default credentials, security header misalignments, SSL/TLS certificate issues, and the like. In an embodiment, a web application misconfiguration engine (e.g., the misconfiguration determination module 118) may be designed to identify and report on security misconfigurations within web applications and address various issues, including directory listings, default credentials, security header misalignments, and SSL/TLS certificate problems. By thoroughly analyzing web applications, the misconfiguration determination module 118 may detect and rectify these vulnerabilities, ensuring a more secure application environment. For example, web application misconfiguration detection may be scheduled from every 1 hour to once every 24 hours, with vulnerability sensitivity adjustable from high to low depending on security level requirements. These ranges may be customized according to specific organizational needs and threat levels. In an embodiment, the system 102 may be configured to transmit an alert signal to a device associated with a user (e.g., an operator) based on the determination of the anomalies.
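A sketch of the report described in paragraph [038], added here as an illustration and not taken from the specification or the applicant's code. It covers three of the listed finding types (security headers, directory listings, certificate validity) over an already captured response; the function names, the expected-header set, the 30-day warning window and the sample response are assumptions.

```python
import re
import ssl
from datetime import datetime, timezone

# Assumed policy: header name -> pattern its value must match.
EXPECTED_HEADERS = {
    "strict-transport-security": re.compile(r"max-age=\d+", re.I),
    "content-security-policy": re.compile(r"\S"),
    "x-content-type-options": re.compile(r"^nosniff$", re.I),
    "x-frame-options": re.compile(r"^(deny|sameorigin)$", re.I),
}

# Titles emitted by common auto-index pages (Apache-style, Python http.server).
DIR_LISTING = re.compile(r"<title>\s*(Index of /|Directory listing for )", re.I)


def audit_headers(headers: dict) -> list:
    """Flag security headers that are absent or carry an unexpected value."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, pattern in EXPECTED_HEADERS.items():
        if name not in seen:
            findings.append(f"missing-header:{name}")
        elif not pattern.search(seen[name]):
            findings.append(f"bad-header-value:{name}")
    return findings


def audit_body(status: int, body: str) -> list:
    """Flag a successful response that looks like an auto-generated index."""
    if status == 200 and DIR_LISTING.search(body):
        return ["directory-listing"]
    return []


def audit_certificate(not_after: str, now: datetime, warn_days: int = 30) -> list:
    """not_after uses the 'notAfter' text format returned by ssl.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after),
                                     tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        return ["certificate-expired"]
    if days_left < warn_days:
        return [f"certificate-expires-in:{days_left}d"]
    return []


def audit_profile(status, headers, body, not_after, now) -> list:
    return (audit_headers(headers) + audit_body(status, body)
            + audit_certificate(not_after, now))


# Constructed sample of a misconfigured site.
SAMPLE_HEADERS = {"X-Content-Type-Options": "sniff", "X-Frame-Options": "DENY"}
SAMPLE_BODY = "<html><head><title>Index of /backup</title></head></html>"
SAMPLE_NOT_AFTER = "Jan  5 09:34:43 2025 GMT"
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_profile(200, SAMPLE_HEADERS, SAMPLE_BODY,
                                 SAMPLE_NOT_AFTER, SAMPLE_NOW):
        print(finding)
```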
[039] In an embodiment, multi-algorithm defacement detection is a cybersecurity platform (e.g., the system 102) that may utilize a combination of hashing, code comparison, and the ML techniques for real-time detection of unauthorized changes (e.g., the anomalies) on websites (e.g., the webpages), with immediate alert capabilities.
In an embodiment, comprehensive mobile application security analysis may be an integrated system that may employ static and dynamic analysis, including Application Programming Interface (API) security and malware detection, for in-depth vulnerability assessment of mobile applications, ensuring regulatory compliance. For example, in mobile application security, static analysis may be conducted from a source code level to a binary level, while dynamic analysis may last from 1 minute to 60 minutes per application. It may be appreciated that the range is exemplary and may be customized according to specific organizational needs and threat levels.
[040] In an embodiment, the real-time data processing module may ingest security events from multiple sources for real-time streaming and determine the anomalies based on the ingested security events. Further, the real-time data processing module may generate the alert signal based on the determination of the anomalies. In an embodiment, the system 102 may utilize Kafka for real-time data processing, enabling quick aggregation from multiple sources and supporting immediate threat response by facilitating the efficient streaming and processing of data as generated. By leveraging Kafka, the system 102 may ensure that security events are promptly analysed and acted upon, enhancing the overall effectiveness of threat detection and response mechanisms. In an embodiment, the ML module may fetch the information of historical events from the database 112 and determine a pattern of the anomalies that occurred in at least one webpage based on the information of historical events. Further, the ML module may predict the anomalies based on the determination of the patterns using Artificial Intelligence (AI) techniques to mitigate the anomalies. In an embodiment, the cybersecurity platform may integrate the AI techniques to provide AI-powered threat intelligence, enabling predictive analysis of potential threats. By leveraging historical data, the system 102 may identify the patterns and trends that may indicate emerging risks and allow for the early detection of potential threats and the implementation of mitigation strategies before digital assets are impacted. For example, in terms of thresholds of the AI techniques and the ML techniques, anomaly detection sensitivity may be adjusted from high to low based on historical data patterns, with model updates occurring from daily to monthly.
Finally, compliance checks can be performed weekly to monthly, covering from selected standards (e.g., an Open Web Application Security Project (OWASP), a General Data Protection Regulation (GDPR)) to all relevant standards. These ranges may be customized according to specific organizational needs and threat levels.
[041] In an embodiment, the cybersecurity platform may be designed with a modular micro services-based architecture, a distinct architectural approach that allows each security component to function independently and supports modular updates and scalability, ensuring that enhancements or changes to one component do not impact the overall system performance. By isolating each function within its own service, the cybersecurity platform may efficiently manage and scale various security features, providing a robust and adaptable solution that maintains high performance and reliability.
[042] In an embodiment, logs are records generated by the system 102 or application hosting a website or software. The records may capture details of various activities and events occurring during the operation of the web application. For instance, a firewall of the system 102 may generate logs that record network access attempts, while an application server creates logs to track a performance of the webpages or any errors encountered.
[043] Therefore, the present disclosure provides a cybersecurity platform (e.g., the system 102) that may be designed to protect websites (e.g., the webpages) from sophisticated cyber threats. Further, the present disclosure may integrate multiple security features, including real-time website defacement detection, port scanning, and web application misconfiguration detection. Additionally, the cybersecurity platform may also incorporate an Interactive Application Security Testing (IAST) module for comprehensive mobile application analysis, utilizing both static and dynamic assessments to identify vulnerabilities. By integrating AI techniques and ML techniques, the system 102 may continuously monitor digital assets, transmitting automated alerts upon detecting anomalies and supporting compliance with industry standards such as the OWASP, the GDPR, Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI-DSS). Additionally, the modular micro services architecture may enhance scalability and flexibility, enabling real-time processing of large data volumes through Apache Kafka and Elasticsearch-Logstash-Kibana (ELK) stack integration. The comprehensive approach of the ELK stack integration may ensure proactive threat mitigation, robust data integrity, and seamless integration with Development and Operations (DevOps) pipelines, making it an indispensable tool for safeguarding digital assets across diverse industries. Further, the present disclosure may provide an integrated, real-time cybersecurity platform that combines advanced detection techniques with a scalable, micro services architecture.
[044] Additionally, the present disclosure may provide advanced techniques for real-time monitoring, providing immediate alerts for website defacement and vulnerabilities, significantly reducing response times, and may combine multiple security features into a single, cohesive solution, streamlining processes and reducing complexity. The use of a scalable micro services architecture ensures the cybersecurity platform can efficiently scale to protect numerous websites and the mobile applications simultaneously. Seamless integration with Continuous Integration/Continuous Deployment (CI/CD) pipelines may enable continuous security monitoring, ensuring vulnerabilities are identified and addressed during development. Additionally, the cybersecurity platform may automate compliance checks against industry standards such as the Open Web Application Security Project (OWASP), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI-DSS), simplifying regulatory adherence.
[045] Currently, protecting websites from cyber threats is crucial. The cybersecurity platform (e.g., the system 102) may address various security challenges through an integrated approach, combining real-time monitoring, advanced detection techniques, and user-friendly features. Built on a micro services architecture, the cybersecurity platform may allow for scalability and flexibility, enabling different components to operate independently and facilitating updates and maintenance without affecting the entire system.
[046] Additionally, key features of the cybersecurity platform may include website defacement detection, which continuously monitors websites for unauthorized changes such as alterations in text, images, or scripts. Utilizing hashing techniques and the AI techniques, the system 102 may detect defacement quickly and immediately alert the administrator, preventing further damage. For the mobile applications, the cybersecurity platform may combine static and dynamic analysis to assess vulnerabilities, scan files for malware, analyse code for weaknesses, and test applications in a sandbox environment, ultimately providing a detailed security report. Additionally, the port scanning capabilities may identify open ports on servers, which may be potential entry points for attackers, offering customizable scanning options, including port range and scan intensity. Regular scans may detect unauthorized access attempts, ensuring server security. Additionally, the system 102 may include a web application misconfiguration detection module to identify and report common misconfigurations, such as directory listing, default credentials, and security header issues, allowing for immediate corrective action.
[047] In an embodiment, the cybersecurity platform may incorporate the AI techniques and the ML techniques to enhance threat detection, identifying patterns and anomalies that may indicate security breaches and providing proactive protection. Automated compliance checks against industry standards such as OWASP, GDPR, HIPAA, and PCI-DSS may be integrated into the cybersecurity platform, ensuring that organizations remain compliant with regulations and reducing the risk of penalties. The user experience is enhanced by a user-friendly dashboard that may provide real-time insights into security status, with customizable alerts and detailed reports to help users manage and respond to threats efficiently.
[048] In an embodiment, the cybersecurity platform may provide several unique features that distinguish it from existing solutions. Initially, the cybersecurity platform may uniquely combine multiple security functions such as defacement detection, mobile app scanning, port scanning, and misconfiguration detection into a single, cohesive solution, which requires advanced integration skills. Additionally, the cybersecurity platform may employ sophisticated algorithms, using the AI techniques and the ML techniques for real-time threat detection and anomaly identification, going beyond typical knowledge in the field. The cybersecurity platform may also utilize a scalable micro services architecture, allowing for the independent operation and scaling of security components, which necessitates specialized expertise in software architecture. Additionally, the cybersecurity platform may automate compliance checks with multiple industry standards within a single platform, involving complex regulatory knowledge and technical implementation. Furthermore, the platform leverages advanced technologies like Kafka and the Elasticsearch-Logstash-Kibana (ELK) stack for real-time data processing and analysis, a skill set that may not be common among average practitioners. In real-world scenarios, the threats may be successfully mitigated for various organizations, including government agencies and enterprises, enhancing digital security across multiple sectors and offering robust protection for digital assets by combining advanced technologies and user-centric features.
[049] FIGs. 2-4 illustrate a flow chart of an example method 200, 300, and 400 for detecting a presence of change in content, in accordance with an embodiment of the present disclosure.
[050] Referring to FIG. 2, at 202, the method 200 may include scraping/receiving webpage content which includes code, text, and images. At 204, the method 200 may include isolating a code, a text, and an image, where the webpage components are segregated into three parts such as the code, the text, and the image for individual analysis. Further, the method 200 may include detecting changes across these components. At 206A, the method 200 may include performing image change detection analyses to identify modifications. At 206B, the method 200 may include performing text change detection. At 206C, the method 200 may include performing code change detection for unauthorized changes. At 208A, the method 200 may include performing pixel-by-pixel screenshot analysis that may involve comparing screenshots of the webpage pixel-by-pixel to spot any visual changes. At 208B, the method 200 may include utilizing ML techniques to analyse patterns or anomalies to detect defacement. At 208C, the method 200 may include utilizing checksum (e.g., a hash value) to detect any changes in the digital signature of the content in the webpages.
[051] Referring to FIG. 3, at 302, the method 300 may include gathering IP Addresses from domains, where IP addresses are collected from specified domains to be scanned for security purposes. At 304, the method 300 may include performing the port scan on the IP Addresses. At 306, the method 300 may include checking whether the IP Addresses are online to determine whether the IP addresses are active or reachable. If the IP addresses are not online, the method 300 may include reporting IP Addresses for downtime as represented at 308B. If the IP addresses are online, the method 300 may include segregating the IP Addresses via open ports as represented at 308A. At 310, the method 300 may include examining the version of software running on the open ports to detect any version-specific vulnerabilities. At 312, the method 300 may include extracting vulnerabilities of the particular version. At 314, the method 300 may include reporting on vulnerabilities and the open ports.
[052] Referring to FIG. 4, at 402, the method 400 may include analyzing the configuration of the profiles. At 404, the method 400 may include detecting a change in the configuration. At 406, the method 400 may include determining that the misconfiguration is detected due to the anomalies. If no anomaly is detected, changes are deemed safe as represented at 408B. If an anomaly is identified as a misconfiguration, an alert is raised for the website operator (e.g., a user) as represented at 408A.
[053] FIG. 5 illustrates a flow chart of an example method 500 for detecting anomalies in digital platforms, in accordance with an embodiment of the present disclosure.
[054] Referring to FIG. 5, at 502, the method 500 may include receiving, by one or more processors (e.g., 104 as represented in FIG. 1) associated with a system (e.g., 102 as represented in FIG. 1), data associated with one or more webpages, one or more parameters associated with the one or more webpages, and configuration information of a profile associated with each of the one or more webpages. At 504, the method 500 may include dynamically determining, by the one or more processors 104, presence of the anomalies in the one or more webpages based on the reception of the data, the one or more parameters, and the configuration information. At 506, the method 500 may include transmitting, by the one or more processors 104, an alert signal to a device associated with a user based on the determination of the anomalies.
[055] In an embodiment, the method 500 may include periodically receiving, by the one or more processors 104, the image in the one or more webpages and determining, by the one or more processors 104, pixels associated with the image. Further, the method 500 may include comparing, by the one or more processors 104, each pixel of the image with each reference pixel associated with a reference image and detecting, by the one or more processors 104, the presence of change in at least one pixel of the image for detecting, by the one or more processors 104, the presence of the anomalies based on the detection of the presence of change in the at least one pixel.
[056] In an embodiment, the method 500 may include predicting, by the one or more processors 104, the presence of change in the text using ML techniques for detecting the anomalies. In an embodiment, the method 500 may include determining, by the one or more processors 104, a digital signature for one or more webpages and periodically generating, by the one or more processors 104, a hash value using hashing techniques. Further, the method 500 may include comparing, by the one or more processors 104, the hash value for each of the one or more webpages with the digital signature and determining, by the one or more processors 104, a mismatch between the hash value and the digital signature based on the comparison. Further, the method 500 may include comparing, by the one or more processors 104, a code associated with the hash value and a code associated with the digital signature based on the determination of the mismatch and dynamically determining, by the one or more processors 104, the presence of the change in the code based on the comparison for detecting, by the one or more processors 104, the presence of the anomalies based on the detection of the presence of change in the code.
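The segregate, hash, and compare-on-mismatch flow of paragraphs [050] and [056], as an added example that is not part of the specification or the applicant's implementation: the stored baseline hash plays the role the text calls the digital signature, SHA-256 is an assumed choice of hashing technique, and images are compared by source reference only rather than pixel by pixel. The class and function names and both sample pages are constructed for illustration.

```python
import difflib
import hashlib
from html.parser import HTMLParser

CODE_TAGS = {"script", "style"}


class Segregator(HTMLParser):
    """Split a page into code, text and image references (step 204)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = {"code": [], "text": [], "image": []}
        self._code_depth = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in CODE_TAGS:
            self._code_depth += 1
            if attrs.get("src"):  # externally loaded script counts as code
                self.parts["code"].append("src=" + attrs["src"])
        elif tag == "img" and attrs.get("src"):
            self.parts["image"].append(attrs["src"])

    def handle_endtag(self, tag):
        if tag in CODE_TAGS and self._code_depth:
            self._code_depth -= 1

    def handle_data(self, data):
        if self._code_depth:
            self.parts["code"] += [l.strip() for l in data.splitlines() if l.strip()]
        elif data.strip():
            # Collapse whitespace so re-indenting a template does not alert.
            self.parts["text"].append(" ".join(data.split()))


def segregate(html):
    parser = Segregator()
    parser.feed(html)
    parser.close()
    return parser.parts


def fingerprint(parts):
    """One SHA-256 digest per component type."""
    return {kind: hashlib.sha256("\n".join(items).encode("utf-8")).hexdigest()
            for kind, items in parts.items()}


def detect_changes(baseline_html, current_html):
    """Compare digests first; only on a mismatch compare the content itself."""
    base, cur = segregate(baseline_html), segregate(current_html)
    base_fp, cur_fp = fingerprint(base), fingerprint(cur)
    findings = {}
    for kind in base:
        if base_fp[kind] == cur_fp[kind]:
            continue
        removed, added = [], []
        matcher = difflib.SequenceMatcher(a=base[kind], b=cur[kind], autojunk=False)
        for op, i1, i2, j1, j2 in matcher.get_opcodes():
            if op != "equal":
                removed += base[kind][i1:i2]
                added += cur[kind][j1:j2]
        findings[kind] = {"removed": removed, "added": added}
    return findings


# Constructed sample pages: the second adds one external script and only
# changes whitespace in the visible text.
BASELINE = """<html><body>
<h1>Acme Portal</h1>
<p>Welcome   to the portal.</p>
<img src="/static/logo.png">
<script>
  var page = "home";
  track(page);
</script>
</body></html>"""

TAMPERED = BASELINE.replace("Welcome   to", "Welcome to").replace(
    "</body>", '<script src="https://static.example.invalid/a.js"></script>\n</body>')

if __name__ == "__main__":
    for kind, delta in detect_changes(BASELINE, TAMPERED).items():
        print("ALERT", kind, delta)
```

Hashing each component type separately lets the alert name what changed (here only the code), and the line-level comparison runs only after a digest mismatch, as in the claimed sequence.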
[057] In an embodiment, the method 500 may include scanning, by the one or more processors 104, domains associated with the one or more webpages and determining, by the one or more processors 104, the IP addresses corresponding to the domains based on scanning. Further, the method 500 may include scanning, by the one or more processors 104, a port associated with each of the IP addresses and determining, by the one or more processors 104, that the IP addresses are in an active state based on scanning the port. Further, in response to determining that the IP addresses are in the active state, the method 500 may include determining, by the one or more processors 104, presence of open ports. Further, the method 500 may include segregating, by the one or more processors 104, each of the IP addresses based on the presence of open ports and determining, by the one or more processors 104, a version corresponding to each of the open ports for detecting, by the one or more processors 104, the anomalies in the respective version and generating, by the one or more processors 104, a report based on the anomalies.
[058] FIG. 6 illustrates an exemplary computer system 600 in which or with which embodiments of the present disclosure may be implemented.
[059] As shown in FIG. 6, the computer system 600 may include an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, a communication port 660, and a processor 670. A person skilled in the art will appreciate that the computer system 600 may include more than one processor and communication ports. The processor 670 may include various modules associated with embodiments of the present disclosure.
[060] In an embodiment, the communication port 660 may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port 660 may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system 600 connects.
[061] In an embodiment, the memory 630 may be a Random-Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory 640 may be any static storage device(s), e.g., but not limited to, Programmable Read Only Memory (PROM) chips for storing static information, e.g., start-up or Basic Input/Output system (BIOS) instructions for the processor 670.
[062] In an embodiment, the mass storage device 650 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g., an array of disks (e.g., SATA arrays).
[063] In an embodiment, the bus 620 communicatively couples the processor(s) 670 with the other memory, storage, and communication blocks. The bus 620 may be, e.g., a Peripheral Component Interconnect (PCI)/PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives, and other subsystems as well as other buses, such as a front side bus (FSB), which connects the processor 670 to computer system 600.
[064] Optionally, operator and administrative interfaces, e.g., a display, keyboard, joystick, and a cursor control device, may also be coupled to the bus 620 to support direct operator interaction with the computer system 600. Other operator and administrative interfaces may be provided through network connections connected through the communication port 660. Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system 600 limit the scope of the present disclosure.
[065] While the foregoing describes various embodiments of the disclosure, other and further embodiments of the present disclosure may be devised without departing from the basic scope thereof. The scope of the disclosure is determined by the claims that follow. The disclosure is not limited to the described embodiments, versions, or examples, which are included to enable a person having ordinary skill in the art to make and use the disclosure when combined with information and knowledge available to the person having ordinary skill in the art.
ADVANTAGES OF THE PRESENT DISCLOSURE
[066] The present disclosure ensures immediate response by providing real-time monitoring capabilities that detect and alert on unauthorized changes to websites instantly, minimizing potential damage from defacement attacks.
[067] The present disclosure integrates Artificial Intelligence (AI) techniques for predictive analysis, identifying potential future threats, and enabling proactive mitigation strategies.
[068] The present disclosure utilizes advanced techniques for continuous monitoring, providing immediate alerts for website defacement and vulnerabilities, significantly reducing response times.
[069] The present disclosure integrates multiple security features into a single, cohesive solution, streamlining processes and reducing complexity.
[070] The present disclosure uses a modular architecture, ensuring a digital platform can efficiently scale to protect numerous websites simultaneously.
[071] The present disclosure seamlessly integrates with Continuous Integration and Continuous Deployment (CI/CD) pipelines, enabling continuous security monitoring and ensuring vulnerabilities are identified and addressed during development.
[072] The present disclosure automates compliance checks against industry standards such as an Open Web Application Security Project (OWASP), a General Data Protection Regulation (GDPR), a Health Insurance Portability and Accountability Act (HIPAA), and a Payment Card Industry Data Security Standard (PCI-DSS), simplifying regulatory adherence.
Claims:
1. A method (500) for detecting anomalies in digital platforms, comprising:
receiving (502), by one or more processors (104) associated with a system (102), data associated with one or more webpages, one or more parameters associated with the one or more webpages, and configuration information of a profile associated with each of the one or more webpages;
dynamically determining (504), by the one or more processors (104), presence of the anomalies in the one or more webpages based on the reception of the data, the one or more parameters, and the configuration information; and
transmitting (506), by the one or more processors (104), an alert signal to a device associated with a user based on the determination of the anomalies.
2. The method (500) as claimed in claim 1, wherein determining (504), by the one or more processors (104), the presence of the anomalies in the one or more webpages based on the reception of the data comprises:
determining, by the one or more processors (104), types of content associated with the received data;
segregating, by the one or more processors (104), the types of content;
detecting, by the one or more processors (104), a presence of change in at least one type of content; and
detecting, by the one or more processors (104), the presence of the anomalies based on the detection of the presence of change.
3. The method (500) as claimed in claim 2, wherein the types of content comprise at least one of: text in the one or more webpages, an image in the one or more webpages, and a code in the one or more webpages.
4. The method (500) as claimed in claim 3, comprising:
periodically receiving, by the one or more processors (104), the image in the one or more webpages;
determining, by the one or more processors (104), pixels associated with the image;
comparing, by the one or more processors (104), each pixel of the image with each reference pixel associated with a reference image;
detecting, by the one or more processors (104), the presence of change in at least one pixel of the image; and
detecting, by the one or more processors (104), the presence of the anomalies based on the detection of the presence of change in the at least one pixel.
5. The method (500) as claimed in claim 3, comprising:
receiving, by the one or more processors (104), the text associated with the one or more webpages;
fetching, by the one or more processors (104), information of historical events from a database (112) associated with the system (102);
determining, by the one or more processors (104), a pattern of the anomalies that occurred in the text based on the information of historical events;
comparing, by the one or more processors (104), the pattern of the anomalies in the text with the text associated with the one or more webpages; and
predicting, by the one or more processors (104), a presence of change in the text associated with the one or more webpages using Machine Learning (ML) techniques based on the comparison.
6. The method (500) as claimed in claim 3, comprising:
determining, by the one or more processors (104), a digital signature for the one or more webpages;
periodically generating, by the one or more processors (104), a hash value using hashing techniques;
comparing, by the one or more processors (104), the hash value for each of the one or more webpages with the digital signature;
determining, by the one or more processors (104), a mismatch between the hash value and the digital signature based on the comparison;
comparing, by the one or more processors (104), a code associated with the hash value and a code associated with the digital signature based on the determination of the mismatch;
dynamically determining, by the one or more processors (104), the presence of the change in the code based on the comparison; and
detecting, by the one or more processors (104), the presence of the anomalies based on the detection of the presence of change in the code.
7. The method (500) as claimed in claim 6, comprising:
monitoring, by the one or more processors (104), the hash value for a predefined time interval for the comparison.
8. The method (500) as claimed in claim 1, wherein the one or more parameters comprise at least one of: Internet Protocol (IP) addresses, subnet ranges, port identities, and a scan intensity.
9. The method (500) as claimed in claim 8, comprising:
scanning, by the one or more processors (104), domains associated with the one or more webpages;
determining, by the one or more processors (104), the IP addresses corresponding to the domains based on scanning;
scanning, by the one or more processors (104), a port associated with each of the IP addresses;
determining, by the one or more processors (104), that the IP addresses are in an active state based on scanning the port;
in response to determining that the IP addresses are in the active state, determining, by the one or more processors (104), presence of open ports;
segregating, by the one or more processors (104), each of the IP addresses based on the presence of open ports;
determining, by the one or more processors (104), a version corresponding to each of the open ports;
detecting, by the one or more processors (104), the anomalies in the respective version; and
generating, by the one or more processors (104), a report based on the anomalies.
10. The method (500) as claimed in claim 9, comprising:
determining, by the one or more processors (104), that the IP addresses are in an inactive state; and
in response to determining that the IP addresses are in the inactive state, generating, by the one or more processors (104), the report based on the determination of the inactive state of the IP addresses.
11. The method (500) as claimed in claim 1, comprising:
detecting, by the one or more processors (104), a misconfiguration in the configuration information of the profile; and
determining, by the one or more processors (104), the anomalies based on the detection of the misconfiguration.
12. A system (102) for detecting anomalies in webpages, comprising:
one or more processors (104); and
a memory (106) operatively coupled with the one or more processors (104), wherein the memory (106) comprises one or more instructions which, when executed, cause the one or more processors (104) to:
receive data associated with one or more webpages, one or more parameters associated with the one or more webpages, and configuration information of a profile associated with each of the one or more webpages;
dynamically determine presence of the anomalies in the one or more webpages based on the reception of the data, the one or more parameters, and the configuration information; and
transmit an alert signal to a device associated with a user based on the determination of the anomalies.
Documents
Name | Date |
---|---|
202421082390-FORM-26 [19-11-2024(online)].pdf | 19/11/2024 |
202421082390-FORM 18A [29-10-2024(online)].pdf | 29/10/2024 |
202421082390-FORM28 [29-10-2024(online)].pdf | 29/10/2024 |
202421082390-STARTUP [29-10-2024(online)].pdf | 29/10/2024 |
202421082390-COMPLETE SPECIFICATION [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-DECLARATION OF INVENTORSHIP (FORM 5) [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-DRAWINGS [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-EVIDENCE FOR REGISTRATION UNDER SSI [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-FORM 1 [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-FORM FOR SMALL ENTITY(FORM-28) [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-FORM FOR STARTUP [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-FORM-9 [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-REQUEST FOR EARLY PUBLICATION(FORM-9) [28-10-2024(online)].pdf | 28/10/2024 |
202421082390-STATEMENT OF UNDERTAKING (FORM 3) [28-10-2024(online)].pdf | 28/10/2024 |