Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.

Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.

Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.

Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.