Abstract: A method is performed in a network security system implemented in a computer or electronic device that is coupled to secured online resources for detecting unauthorized accesses of those secured online resources. The method includes monitoring a user activity session. It is determined whether the user activity session is indicative of a hidden session by an attacker, where the determination includes comparing the user activity session to an average user activity session.

Abstract: A computer readable storage medium has instructions for execution on a computer. The instructions monitor transactions between a server and a set of clients. An evaluation of session indicators associated with the transactions is performed. Individual sessions between the server and individual clients of the plurality of clients are isolated in response to the evaluation.

Abstract: A computer readable storage medium with instructions executable on a host computer. The instructions record a relationship between a partner site and the host computer, substitute a reference to the partner site with a partner site alias referencing the host computer, deliver the partner site alias to a client, replace the partner site alias for the reference to the partner site in response to receiving the partner site alias from the client and augment the address of the client with an address alias. The address alias is sent to the partner site. A partner action and the address alias are received from the partner site. The address is exchanged for the address alias. The partner action is delivered to the client utilizing the address. These operations are monitored to identify client activity that constitutes a security threat at the host computer or the partner site.

Abstract: A non-transitory computer readable storage medium includes executable instructions to observe the distribution of the frequency of a recurrent behavior to form a histogram. A rehistogram of the histogram is computed to model the distribution of the frequency of the frequency of the recurrent behavior. The rehistogram provides an individual frequency relative to the total frequency of the recurrent behavior. The individual frequency is compared to a predicted frequency to form a difference frequency. An anomaly event is identified when the difference frequency exceeds an anomaly threshold.

Abstract: A computer readable storage medium has instructions for execution on a computer. The instructions monitor transactions between a server and a set of clients. An evaluation of session indicators associated with the transactions is performed. Individual sessions between the server and individual clients of the plurality of clients are isolated in response to the evaluation.

Abstract: A computer readable storage medium with instructions executable on a host computer. The instructions record a relationship between a partner site and the host computer, substitute a reference to the partner site with a partner site alias referencing the host computer, deliver the partner site alias to a client, replace the partner site alias for the reference to the partner site in response to receiving the partner site alias from the client and augment the address of the client with an address alias. The address alias is sent to the partner site. A partner action and the address alias are received from the partner site. The address is exchanged for the address alias. The partner action is delivered to the client utilizing the address. These operations are monitored to identify client activity that constitutes a security threat at the host computer or the partner site.

Abstract: A method is performed in a network security system implemented in a computer or electronic device that is coupled to secured online resources for detecting unauthorized accesses of those secured online resources. The method includes monitoring a user activity session. It is determined whether the user activity session is indicative of a hidden session by an attacker, where the determination includes comparing the user activity session to an average user activity session.

Abstract: A system and method for identifying the change of user behavior on a website includes analyzing the actions of users on a website comprising a plurality of parameters or parameters that identify the actions performed on a website including parameters or fields related to previous actions by that user or other users of the website. The parameters or fields are represented in a vector format where each vector represents a different session of activity on the website, page of the website, user of the website, or other attribute of the use of a website. Analysis is performed to determine if new sessions are similar or dissimilar to previously known sessions.

Abstract: A system and software for identifying the change of user behavior on a website includes analyzing the actions of users on a website comprising a plurality of fields or input parameters that identify the actions performed on a website including fields related to previous actions by that user or other users of the website. The fields or input parameters are represented in a vector format where vectors represent different sessions of activity on the website, pages of the website, users of the website, or other attributes of the use of a website. Analysis is performed to determine if new sessions are similar or dissimilar to previously known sessions and if a session is converging or diverging from known sessions based on the velocity and direction of the velocity of the vectors in the vector space.

Abstract: Embodiments of the invention provide systems and methods for preventing online fraud. According to one embodiment, a method for providing an indication of the legitimacy of a web page can comprise receiving the web page. A determination can be made as to whether the web page is legitimate based, for example, on a reputation of the web page. In response to determining the web page is legitimate, at least one positive indicator can be displayed on a browser window for displaying the web page. This positive indicator can be user-selected such that the user can be confident that the browser or computer-based software knows the identity of the current user. According to one embodiment, the indication can be displayed on a portion of the browser window or the desktop portion of the user's computer that is not accessible to code of the web page.