Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisement or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisement. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

Abstract: Aspects of the present disclosure provide for future user device preference prediction based on telecom data. In one aspect, a computer-implemented method includes collecting the telecom data from at least one node of a wireless communication network, where the telecom data includes records for a plurality of occurrences of user interaction with the wireless communication network via a respective current user device. The telecom data is then applied to a predictive model to obtain a prediction of future user device preferences. The prediction of the future user device preferences may include an indication that a user will switch from the respective current user device to another user device for future use with the wireless communication network. The method further includes performing an action with respect to the wireless communication network in response to the prediction of future user device preferences.

Abstract: A computing system may automatically infer one or more events that occur during an application session involving activity on a network, such as the Internet. Such an application session may be interactions with, for example, social networking websites, banking websites, news websites, and so on. Events are any of a number of activities or transactions that may occur during the application session. The computing system may automatically infer an event by gathering network transaction data for network transactions performed by one or more client devices of a wireless communication network. The computing system may generate a network activity signature based, at least in part, on the network transaction data and apply pattern recognition and/or machine learning to the network activity signature to infer events associated with the network activity signature.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: Call record data for telephone numbers of callers are received. A telephone number of a caller is determined as used to place a telephone call to a recipient telephone number of a call recipient. The call record data are analyzed using graph analytics to generate a reliability score for the telephone number that represents a likelihood that the caller is known to the call recipient. The call record data are analyzed using entropy analysis to generate a behavior score for the telephone number that represents a behavior trustworthiness of the caller. The reliability score, the behavior score, and the telephone number of the caller are sent to a user device of the call recipient for the user device to generate a first indication that represents a value of the reliability score and a second indication that represents a value of the behavior score for display along with the telephone number.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: Aspects of the present disclosure provide for future user device preference prediction based on telecom data. In one aspect, a computer-implemented method includes collecting the telecom data from at least one node of a wireless communication network, where the telecom data includes records for a plurality of occurrences of user interaction with the wireless communication network via a respective current user device. The telecom data is then applied to a predictive model to obtain a prediction of future user device preferences. The prediction of the future user device preferences may include an indication that a user will switch from the respective current user device to another user device for future use with the wireless communication network. The method further includes performing an action with respect to the wireless communication network in response to the prediction of future user device preferences.

Abstract: A computing system may automatically determine if data traffic of an individual network cell, or other relatively small portion of a network, is sufficiently complex so as to desirably maintain privacy of individual users of the network. Data traffic, which may include phone calls, text messaging, Internet browsing, and so on, of a network cell in a rural area may experience a relatively low volume of data traffic. On the other hand, a cell tower in a city may experience data traffic of hundreds or so individual users during a one-day period. Data traffic of such relatively high volume may be sufficiently complex and may be aggregated and used for data analytics.

Abstract: This disclosure describes techniques for identifying most influential customers by determining various influence scores and metrics associated with each in-network customer and off-network customers that communicate with one or more in-network customers. A particular in-network customer can be assigned or have calculated for him or her a social media influence score, a voice call score, and an SMS score, and a particular off-network customer can be assigned or have calculated for him or her an acquisition score. The scores can be used in various context to generate recommendations for products and/or services, provide targeted marketing, and/or conduct performance analysis.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: A computing system may automatically determine if data traffic of an individual network cell, or other relatively small portion of a network, is sufficiently complex so as to desirably maintain privacy of individual users of the network. Data traffic, which may include phone calls, text messaging, Internet browsing, and so on, of a network cell in a rural area may experience a relatively low volume of data traffic. On the other hand, a cell tower in a city may experience data traffic of hundreds or so individual users during a one-day period. Data traffic of such relatively high volume may be sufficiently complex and may be aggregated and used for data analytics.

Abstract: A computing system may automatically anonymize network transaction data of a network transaction by removing a portion of the uniform resource locator (URL) associated with the network transaction. Such anonymization may be beneficial by allowing for the network transaction data to be used (e.g., by third parties) for data analytics, for example, while securing user identities by removing personal information or the identities of individual users engaged in such network transactions. In some examples, network transactions may include phone calls and conversations, video conferencing, text messaging, Internet ac (e.g., file sharing and streaming), and so on.

Abstract: A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisement or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisement. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.

Abstract: A computing system may automatically infer one or more events that occur during an application session involving activity on a network, such as the Internet. Such an application session may be interactions with, for example, social networking websites, banking websites, news websites, and so on. Events are any of a number of activities or transactions that may occur during the application session. The computing system may automatically infer an event by gathering network transaction data for network transactions performed by one or more client devices of a wireless communication network. The computing system may generate a network activity signature based, at least in part, on the network transaction data and apply pattern recognition and/or machine learning to the network activity signature to infer events associated with the network activity signature.

Abstract: This disclosure describes techniques for analyzing search metadata associated with a client-initiated search performed via an internet search engine. Particularly, a Predictive Search Context (PSC) System is described that may analyze search metadata relative to client behavior data to provide a client with one or more recommendations. The recommendations may relate to an event, merchant, place, product, service, and/or category thereof. Further, the PSC system may use client behavior data (i.e., client behavior model) associated with a client, to predict a next, or near to next, probable location of the client. In this example, the PSC system may generate client behavior data based on client-initiated searches performed on client devices operated exclusively or non-exclusively by the client. In doing so, the PSC system may analyze search metadata associated with one of the client devices to identify the client and determine a next, or near to next probable location of the client.

Abstract: This disclosure describes techniques for analyzing search metadata associated with a client-initiated search performed via an internet search engine. Particularly, a Predictive Search Context (PSC) System is described that may analyze search metadata relative to client behavior data to provide a client with one or more recommendations. The recommendations may relate to an event, merchant, place, product, service, and/or category thereof. Further, the PSC system may use client behavior data (i.e., client behavior model) associated with a client, to predict a next, or near to next, probable location of the client. In this example, the PSC system may generate client behavior data based on client-initiated searches performed on client devices operated exclusively or non-exclusively by the client. In doing so, the PSC system may analyze search metadata associated with one of the client devices to identify the client and determine a next, or near to next probable location of the client.