Abstract: Techniques for performing unequal sampling are provided. In one technique, multiple scores generated by a prediction model are identified, each score corresponding to a different entity of multiple entities. Multiple buckets are determined, each bucket corresponding to a different range of scores. Each entity is assigned to a bucket based on the score corresponding to the entity. A probability distribution function is generated based on the scores and a number of scores belonging to each bucket. For each entity, a probability of sampling the entity is determined based on the probability distribution function and a score corresponding to the entity. A subset of the entities are sampled based on the probability determined for each entity.

Abstract: Techniques for performing unequal sampling are provided. In one technique, multiple scores generated by a prediction model are identified, each score corresponding to a different entity of multiple entities. Multiple buckets are determined, each bucket corresponding to a different range of scores. Each entity is assigned to a bucket based on the score corresponding to the entity. A probability distribution function is generated based on the scores and a number of scores belonging to each bucket. For each entity, a probability of sampling the entity is determined based on the probability distribution function and a score corresponding to the entity. A subset of the entities are sampled based on the probability determined for each entity.

Abstract: A reconnect restriction evaluator is described. After detecting that a certain number of the reconnect requests submitted by a member of an on-line social network have failed, the reconnect restriction evaluator performs additional evaluation of the history of reconnect requests stored as associated with a profile of the member and determines whether the high count of failed requests recorded against the member are offset by one or more offsetting factors. Based on the result of the additional evaluation, the reconnect restriction evaluator generates an exemption indicator and stores it as associated with the profile of the member.

Abstract: A phony profiles detector for an on-line social network system is described. The phony profiles detector uses characteristics of a profile that was associated with an indication that it represents a malicious user, a so-called seed profile, to identify other profiles that should be flagged as potentially the source of undesirable behavior. Based on the degree of similarity determined for a subject profile with respect to a seed profile, the phony profiles detector generates a malicious user indicator and stores it as associated with the subject profile.

Abstract: An Account Takeover (ATO) threat detection system is configured to detect that a group of IP addresses is a suspected group of IP addresses (in that there is an indication that same potentially malicious entity is using a group of IP addresses to attempt logins) and automatically select a lower value that limits how many login attempts from the same IP address are permitted during a predetermined period of time before a login request from the suspected group of IP address is no longer accepted for processing. The limit that is used to restrict login attempts from a single IP address is set to be lower than a solo threshold value.

Abstract: An Account Takeover (ATO) detection system is configured to generate a visualization of the monitored login attempts during a time period with respect to an on-line service. In the visualization, a login attempt from an IP address is presented as an object in a three-dimensional coordinates system. This three-dimensional coordinates system has the first axis representing the first octet of an IP address, the second axis representing the second octet of an IP address, and the third axis representing the third and the fourth octets of the IP address.

Abstract: In cases where a user of a social network has lost access to one or more email addresses on file with the social network, the social network may confirm an identity of the user before issuing a new password. The social network may confirm the identity of the user by prompting the user to correctly identify pictures of members of the social network that are connected to the user, selecting or receiving a selection of a plurality of trustees (e.g., members of the social network who are connected to the user), prompting the trustees to confirm with the user that the user has lost the access, and receiving notification that at least a specified number of the trustees have confirmed with the user that the user has lost the access. After the social network confirms the identity, the social network may provide a new password to the user.

Abstract: In cases where a user of a social network has lost access to one or more email addresses on file with the social network, the social network may confirm an identity of the user before issuing a new password. The social network may confirm the identity of the user by prompting the user to correctly identify pictures of members of the social network that are connected to the user, selecting or receiving a selection of a plurality of trustees (e.g., members of the social network who are connected to the user), prompting the trustees to confirm with the user that the user has lost the access, and receiving notification that at least a specified number of the trustees have confirmed with the user that the user has lost the access. After the social network confirms the identity, the social network may provide a new password to the user.