Delivering content over a network, e.g., delivering webpages over the Internet, is known in the art. However, security and other risks exist. For example, cyber-attacks that include modifying a web page by a “Man in the Middle” or a “Man in the Browser” are known. For example, as known in the art, a “Man in the Browser” may be a program, script or other code executed in a browser that injects Hyper Text Markup Language (HTML) code into a web page thus effectively modifying the original web page sent by a web server. Accordingly, content injection may cause a user be presented with content that is different from the content sent by a website.
Current approaches to content injection detection are mostly based on manual investigation by an expert user who determines if page modifications are malicious or legitimate. Such manual determination is then used to build and update lists of “known good” and “known bad” page signatures. However, due to the constant changes made by attackers in their methods, these approaches require ongoing maintenance and updates that are dependent on trained experts.