Abstract: Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.

Abstract: Systems and methods for scraping detection include a device which receives a plurality of requests from a client to extract data from a resource. The device may classify activity of the client as activity of an autonomous program based at least on a number of the plurality of requests, and one of i) one or more content types of the requests, or ii) a frequency in which the requests are received. The device may block, responsive to classification of the activity, a subsequent request from the client to extract data from the resource.

Abstract: A system and method that detects malicious account creation in a web-based platform. A method includes detecting suspicious events associated with an account creation process using a username classifier that evaluates a username used to create a new account, an IP address classifier that evaluates an IP address used to create the new account, and a domain classifier that evaluates a domain from an email address used to create the new account; analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collections of account creation processes; and determining an alert condition based on at least one malicious event detection.