Abstract: System and methods track events associated with web browser activity along with corresponding browser tab identifiers. A web page is loaded in a browser tab based on a request to a Uniform Resource Locator (URL). A time is identified, and it is determined that a predetermined time interval has elapsed. A storage mechanism is queried to determine whether an event log stored to the storage mechanism contains a stored tab identifier for the browser tab. If the tab identifier is not stored to the event log, then a tab identifier is stored to the event log, mapped to the time and the URL. If the event log contains the stored tab identifier for the tab, then the event log is updated to include the time mapped to the tab identifier. The URL may also be updated if applicable. The event log is transmitted to a server computer for further analysis.

Abstract: Certain aspects involve a system, computer-implemented method, and computer-readable medium for identifying attributes associated with a target entity such as a person. A hierarchical characterization system receives an attribute and a request for associated identity data. The system generates an identity graph that includes attribute nodes corresponding to respective attributes and online interaction nodes corresponding to respective online interactions. The system correlates at least a subset of the online interactions and at least a subset of the attributes with a particular entity. The system generates a report indicating an identity of the entity and a behavior of the entity based on the correlated online interactions and the correlated attributes.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: In an example of a method described herein, historical events occurring over a network are detected, and at least one of the historical events is associated with an observed value of a categorical variable. A numerical aggregate value representing the observed value is updated by applying an exponential smoothing function to (i) a prior numerical aggregate value representing prior historical events associated with the observed value and (ii) a count of the historical events associated with the observed value. An event occurring over the network is detected and is associated with the observed value. Features are extracted from the event, where the features include an encoded feature based on the numerical aggregate value to represent the observed value. A predictive model is applied to the features to determine a score representing likelihood of an outcome. Based on the score, access to a resource of the network is controlled.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.