Multi-layer Analysis

A defense-in-depth approach that combines local speed with cloud intelligence.

No single detection method is perfect. Arx stacks multiple analysis techniques on top of each other. If a threat bypasses one layer, it runs into the next.

The Analysis Pipeline

Threats are analyzed through a cascading three-layer system. Each layer provides faster or deeper analysis depending on the threat level.

1

Local Pre-Filter

Checks the URL string itself. Is it on a trusted list? Is it a known safe domain? Does it have obvious anomalies?

✓ Whitelist check
✓ Domain age verification
✓ TLD analysis
✓ URL pattern matching

2

Behavioral Heuristics

The extension analyzes the page structure, scans visible context for risk indicators, and evaluates visual elements.

✓ DOM structure analysis
✓ Visual fingerprinting
✓ Form detection
✓ Typosquatting & Punycode checks

3

AI Visual Matching

For login pages and suspicious content, AI-powered visual matching analyzes page structure and visual elements to identify sophisticated phishing attempts.

✓ AI visual similarity detection
✓ Brand logo recognition
✓ Layout structure comparison
✓ Trusted site fingerprinting

Performance Optimization

Fast by default, deeper only when needed

This hybrid model ensures that browsing stays fast. Most traffic is cleared instantly in Layer 1, while only unknown or suspicious pages move through deeper analysis.

~95%
Layer 1 Only
~4%
Layer 2 Analysis
~1%
Layer 3 Deep Scan