Abstract: An online security analysis system determines a categorical value in an online activity and also determines conversion factors that are associated with the categorical value. Based on the conversion factors, the online security analysis system identifies at least one aggregated value for a numerical feature that is associated with previous online activities for the categorical value. In addition, the online security analysis system generates an embedding vector that describes the aggregated value associated with the categorical value. The embedding vector is provided to an online activity analysis model that is trained to generate prediction data for the online activity, based on the aggregated values associated with the categorical value. The prediction data is transmitted to an online system for use in controlling access of a client device to a function of the online system.

Abstract: Certain aspects involve a system, computer-implemented method, and computer-readable medium for identifying attributes associated with a target entity such as a person. A hierarchical characterization system receives an attribute and a request for associated identity data. The system generates an identity graph that includes attribute nodes corresponding to respective attributes and online interaction nodes corresponding to respective online interactions. The system correlates at least a subset of the online interactions and at least a subset of the attributes with a particular entity. The system generates a report indicating an identity of the entity and a behavior of the entity based on the correlated online interactions and the correlated attributes.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: Certain aspects involve a system, computer-implemented method, and computer-readable medium for identifying attributes associated with a target entity such as a person. A hierarchical characterization system receives an attribute and a request for associated identity data. The system generates an identity graph that includes attribute nodes corresponding to respective attributes and online interaction nodes corresponding to respective online interactions. The system correlates at least a subset of the online interactions and at least a subset of the attributes with a particular entity. The system generates a report indicating an identity of the entity and a behavior of the entity based on the correlated online interactions and the correlated attributes.

Abstract: An online security analysis system determines a categorical value in an online activity and also determines conversion factors that are associated with the categorical value. Based on the conversion factors, the online security analysis system identifies at least one aggregated value for a numerical feature that is associated with previous online activities for the categorical value. In addition, the online security analysis system generates an embedding vector that describes the aggregated value associated with the categorical value. The embedding vector is provided to an online activity analysis model that is trained to generate prediction data for the online activity, based on the aggregated values associated with the categorical value. The prediction data is transmitted to an online system for use in controlling access of a client device to a function of the online system.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.