Abstract: Methods and systems for fictitious account generation on detection of account takeover conditions are described. A login attempt may be detected and determined to indicate fraud, such as when the login attempt is accompanied by many failed login attempts or is from an untrusted or known malicious endpoint. A fictitious account may be generated, which may include falsified account data and may limit account functionality to prevent unauthorized and fraudulent use of the account. The computing device that performs the login attempt may be routed and permitted to log in to the fictitious account, where the service provider or another computing entity may then monitor activity and usage of the fictitious account by the potentially malicious party. The fictitious account may be maintained so that other actors using the account may access the account and their activity also monitored.

Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.

Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.

Abstract: Methods and systems for fictitious account generation on detection of account takeover conditions are described. A login attempt may be detected and determined to indicate fraud, such as when the login attempt is accompanied by many failed login attempts or is from an untrusted or known malicious endpoint. A fictitious account may be generated, which may include falsified account data and may limit account functionality to prevent unauthorized and fraudulent use of the account. The computing device that performs the login attempt may be routed and permitted to log in to the fictitious account, where the service provider or another computing entity may then monitor activity and usage of the fictitious account by the potentially malicious party. The fictitious account may be maintained so that other actors using the account may access the account and their activity also monitored.

Abstract: Methods and systems for fictitious account generation on detection of account takeover conditions are described. A login attempt may be detected and determined to indicate fraud, such as when the login attempt is accompanied by many failed login attempts or is from an untrusted or known malicious endpoint. A fictitious account may be generated, which may include falsified account data and may limit account functionality to prevent unauthorized and fraudulent use of the account. The computing device that performs the login attempt may be routed and permitted to log in to the fictitious account, where the service provider or another computing entity may then monitor activity and usage of the fictitious account by the potentially malicious party. The fictitious account may be maintained so that other actors using the account may access the account and their activity also monitored.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

Abstract: Images related to one or more attacks to a service provider system may be analyzed to improve the security of the service provider system. Each of the images may be segmented into multiple segments. Each of the segments is analyzed independently to determine whether the segment includes obfuscated data and if so, which one of the data obfuscation techniques was used to generate the obfuscated data. Additional information regarding the obfuscated data may be derived from other segments that include unobfuscated data and from the metadata of the image. A data restoration algorithm may be configured accordingly to restore the obfuscated data. The restored data, as well as a context derived for the image, may be used to adjust one or more security parameters of the service provider system to improve the security of the service provider system.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.

Abstract: Images related to one or more attacks to a service provider system may be analyzed to improve the security of the service provider system. Each of the images may be segmented into multiple segments. Each of the segments is analyzed independently to determine whether the segment includes obfuscated data and if so, which one of the data obfuscation techniques was used to generate the obfuscated data. Additional information regarding the obfuscated data may be derived from other segments that include unobfuscated data and from the metadata of the image. A data restoration algorithm may be configured accordingly to restore the obfuscated data. The restored data, as well as a context derived for the image, may be used to adjust one or more security parameters of the service provider system to improve the security of the service provider system.

Abstract: Methods and systems for fictitious account generation on detection of account takeover conditions are described. A login attempt may be detected and determined to indicate fraud, such as when the login attempt is accompanied by many failed login attempts or is from an untrusted or known malicious endpoint. A fictitious account may be generated, which may include falsified account data and may limit account functionality to prevent unauthorized and fraudulent use of the account. The computing device that performs the login attempt may be routed and permitted to log in to the fictitious account, where the service provider or another computing entity may then monitor activity and usage of the fictitious account by the potentially malicious party. The fictitious account may be maintained so that other actors using the account may access the account and their activity also monitored.

Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.

Abstract: Computer system drift can occur when a computer system or a cluster of computer systems deviates from ideal and/or desired behavior. In a server farm, for example, many different machines may be identically configured to work in conjunction with each other to provide an electronic service (serving web pages, processing electronic payment transactions, etc.). Over time, however, one or more of these systems may drift from previous behavior. Early drift detection can be important, especially in large enterprises, to avoiding costly downtime. Changes in a computer's configuration files, network connections, and/or executable processes can indicate ongoing drift, but collecting this information at scale can be difficult. By using certain hashing and min-Hash techniques, however, drift detection can be streamlined and accomplished for large scale operations. Velocity of drift may also be tracked using a decay function.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

Abstract: Computer system drift can occur when a computer system or a cluster of computer systems deviates from ideal and/or desired behavior. In a server farm, for example, many different machines may be identically configured to work in conjunction with each other to provide an electronic service (serving web pages, processing electronic payment transactions, etc.). Over time, however, one or more of these systems may drift from previous behavior. Early drift detection can be important, especially in large enterprises, to avoiding costly downtime. Changes in a computer's configuration files, network connections, and/or executable processes can indicate ongoing drift, but collecting this information at scale can be difficult. By using certain hashing and min-Hash techniques, however, drift detection can be streamlined and accomplished for large scale operations. Velocity of drift may also be tracked using a decay function.