Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Abstract: One or more computing devices, systems, and/or methods are provided. A request for content associated with a device and/or a set of request information associated with the request for content may be received. A content item may be transmitted to the device. A set of client information associated with the device may be received. The set of client information may be analyzed to determine a fraudulence label associated with the request for content. Fraud detection information generated based upon the set of request information, the set of client information and/or the fraudulence label may be stored in a fraud detection database. A second request for content associated with a second device and/or a second set of request information associated with the second request for content may be received. A second fraudulence label may be determined based upon the second set of request information and/or the fraud detection database.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Abstract: One or more computing devices, systems, and/or methods are provided. A request for content associated with a device and/or a set of request information associated with the request for content may be received. A content item may be transmitted to the device. A set of client information associated with the device may be received. The set of client information may be analyzed to determine a fraudulence label associated with the request for content. Fraud detection information generated based upon the set of request information, the set of client information and/or the fraudulence label may be stored in a fraud detection database. A second request for content associated with a second device and/or a second set of request information associated with the second request for content may be received. A second fraudulence label may be determined based upon the second set of request information and/or the fraud detection database.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. First representations associated with the first entities and second representations associated with the second entities may be generated based upon the first network profile. Clusters in the first representations and/or the second representations may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the clusters.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. First representations associated with the first entities and second representations associated with the second entities may be generated based upon the first network profile. Clusters in the first representations and/or the second representations may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the clusters.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Abstract: One or more computing devices, systems, and/or methods for determining thresholds are provided. For example, first activity associated with a plurality of client devices may be detected. A first activity distribution associated with the plurality of client devices may be determined based upon the first activity. A plurality of peaks of the first activity distribution may be identified. A plurality of gradients associated with pairs of peaks of the plurality of peaks may be determined. A target peak of the plurality of peaks may be determined based upon the plurality of gradients. A threshold amount of activity associated with the first activity may be determined based upon the target peak. A first set of activity associated with a first client device may be detected. A fraudulence label associated with the first client device may be determined based upon the first set of activity and/or the threshold amount of activity.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An iterative process may be performed to identify a coalition network associated with fraudulent activity. The iterative process may include analyzing the first network profile to identify a first set of entities, of the first entities, that are related to an entity of the second entities, and/or analyzing the first network profile to identify a second set of entities, of the second entities, that are related to the first set of entities. Multiple iterations may be performed to identify the coalition network.

Abstract: One or more computing devices, systems, and/or methods for determining thresholds are provided. For example, first activity associated with a plurality of client devices may be detected. A first activity distribution associated with the plurality of client devices may be determined based upon the first activity. A plurality of peaks of the first activity distribution may be identified. A plurality of gradients associated with pairs of peaks of the plurality of peaks may be determined. A target peak of the plurality of peaks may be determined based upon the plurality of gradients. A threshold amount of activity associated with the first activity may be determined based upon the target peak. A first set of activity associated with a first client device may be detected. A fraudulence label associated with the first client device may be determined based upon the first set of activity and/or the threshold amount of activity.

Abstract: One or more computing devices, systems, and/or methods are provided. A request for content associated with a device and/or a set of request information associated with the request for content may be received. A content item may be transmitted to the device. A set of client information associated with the device may be received. The set of client information may be analyzed to determine a fraudulence label associated with the request for content. Fraud detection information generated based upon the set of request information, the set of client information and/or the fraudulence label may be stored in a fraud detection database. A second request for content associated with a second device and/or a second set of request information associated with the second request for content may be received. A second fraudulence label may be determined based upon the second set of request information and/or the fraud detection database.