Abstract: A method for generating a combined Isolation Forest model for detecting anomalies in data is provided. The method includes receiving a first Isolation Forest model for detecting anomalies in data from a first electronic device. The first Isolation Forest model is trained at the first electronic device. Further, the method includes receiving a second Isolation Forest model for detecting anomalies in data from a second electronic device. The second Isolation Forest model is trained at the second electronic device. The method additionally includes combining the first Isolation Forest model and the second Isolation Forest model to obtain the combined Isolation Forest model.

Abstract: A method for detecting a cyberattack on an electronic device is provided. The method is performed by the electronic device itself. The method includes collecting data at the electronic device. Further, the method includes classifying the collected data as regular data or malicious data using a supervised machine-learning model for the cyberattack. The method additionally includes determining whether the electronic device is under the cyberattack based on the classification of the collected data.

Abstract: The disclosure relates to a method (100) for assessing user authorization, the method comprising: receiving (110), via a data communication network (330), a request from a user device (300) for an access; generating (120), based on data associated with the request, a risk score indicating a risk that the request was sent by a non-authorized user, wherein the risk score indicates a high risk, a medium risk, or a low risk that the user (400) is a non-authorized user; and signaling (130), via the data communication network (330), the user device (300) a need for further information to enable a decision about the authorization of the user (400), if the risk score indicates medium risk. A further aspect relates to a method (200) for user authorization and to an electronic device (300).

Abstract: The present disclosure relates to a concept of fraud handling. A data transaction request is received via a data network from at least one user account. The data transaction request is analyzed based on predefined fraud detection rules to generate a fraud score associated with the at least one user account. The at least one user account is classified as fraudulent account if the associated fraud score exceeds a predefined fraud likelihood threshold. Data transactions associated with a classified fraudulent account via the data network are pseudo-randomly permitted or blocked.

Abstract: A method for processing a user request is provided. The method includes receiving the user request. Further, the method includes selecting one of a plurality of different machine-learning models. Each of the plurality of machine-learning models is trained for performing the same processing task. The method additionally includes processing the user request using the selected one of the plurality of machine-learning models.

Abstract: The present disclosure relates to a concept of fraud handling. A data transaction request is received via a data network from at least one user account. The data transaction request is analyzed based on predefined fraud detection rules to generate a fraud score associated with the at least one user account. The at least one user account is classified as fraudulent account if the associated fraud score exceeds a predefined fraud likelihood threshold. Data transactions associated with a classified fraudulent account via the data network are done by purposely deteriorating the data transactions associated with the classified fraudulent account in comparison to data transactions associated with a classified non-fraudulent account.

Abstract: A method for generating a combined Isolation Forest model for detecting anomalies in data is provided. The method includes receiving a first Isolation Forest model for detecting anomalies in data from a first electronic device. The first Isolation Forest model is trained at the first electronic device. Further, the method includes receiving a second Isolation Forest model for detecting anomalies in data from a second electronic device. The second Isolation Forest model is trained at the second electronic device. The method additionally includes combining the first Isolation Forest model and the second Isolation Forest model to obtain the combined Isolation Forest model.

Abstract: The disclosure relates to a method (100) for assessing user authorization, the method comprising: receiving (110), via a data communication network (330), a request from a user device (300) for an access; generating (120), based on data associated with the request, a risk score indicating a risk that the request was sent by a non-authorized user, wherein the risk score indicates a high risk, a medium risk, or a low risk that the user (400) is a non-authorized user; and signaling (130), via the data communication network (330), the user device (300) a need for further information to enable a decision about the authorization of the user (400), if the risk score indicates medium risk. A further aspect relates to a method (200) for user authorization and to an electronic device (300).

Abstract: Embodiments of the present disclosure relate to a method, an apparatus and a computer program for providing a machine-learning system to be used for classifying transactions as either fraudulent or genuine, and a method, an apparatus and a computer program for classifying transactions as either fraudulent or genuine. The method for generating a machine-learning system for classifying transactions as either fraudulent or genuine based on a plurality of training transactions, each training transaction being associated with labelling information that indicates whether the training transaction is either genuine or fraudulent, comprises clustering the plurality of training transactions into a plurality of clusters based on a similarity measure. The method comprises determining, for each of the plurality of clusters, whether the cluster is homogeneous or heterogeneous. A heterogeneous cluster includes both fraudulent and genuine training transactions.

Abstract: The present disclosure relates to a concept of fraud handling. A data transaction request is received via a data network from at least one user account. The data transaction request is analyzed based on predefined fraud detection rules to generate a fraud score associated with the at least one user account. The at least one user account is classified as fraudulent account if the associated fraud score exceeds a predefined fraud likelihood threshold. Data transactions associated with a classified fraudulent account via the data network are pseudo-randomly permitted or blocked.

Abstract: The present disclosure relates to a concept of fraud handling. A data transaction request is received via a data network from at least one user account. The data transaction request is analyzed based on predefined fraud detection rules to generate a fraud score associated with the at least one user account. The at least one user account is classified as fraudulent account if the associated fraud score exceeds a predefined fraud likelihood threshold. Data transactions associated with a classified fraudulent account via the data network are done by purposely deteriorating the data transactions associated with the classified fraudulent account in comparison to data transactions associated with a classified non-fraudulent account.