Abstract: A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisement or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisement. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

Abstract: Aspects of the present disclosure provide for future user device preference prediction based on telecom data. In one aspect, a computer-implemented method includes collecting the telecom data from at least one node of a wireless communication network, where the telecom data includes records for a plurality of occurrences of user interaction with the wireless communication network via a respective current user device. The telecom data is then applied to a predictive model to obtain a prediction of future user device preferences. The prediction of the future user device preferences may include an indication that a user will switch from the respective current user device to another user device for future use with the wireless communication network. The method further includes performing an action with respect to the wireless communication network in response to the prediction of future user device preferences.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

Abstract: Call record data for telephone numbers of callers are received. A telephone number of a caller is determined as used to place a telephone call to a recipient telephone number of a call recipient. The call record data are analyzed using graph analytics to generate a reliability score for the telephone number that represents a likelihood that the caller is known to the call recipient. The call record data are analyzed using entropy analysis to generate a behavior score for the telephone number that represents a behavior trustworthiness of the caller. The reliability score, the behavior score, and the telephone number of the caller are sent to a user device of the call recipient for the user device to generate a first indication that represents a value of the reliability score and a second indication that represents a value of the behavior score for display along with the telephone number.

Abstract: Aspects of the present disclosure provide for future user device preference prediction based on telecom data. In one aspect, a computer-implemented method includes collecting the telecom data from at least one node of a wireless communication network, where the telecom data includes records for a plurality of occurrences of user interaction with the wireless communication network via a respective current user device. The telecom data is then applied to a predictive model to obtain a prediction of future user device preferences. The prediction of the future user device preferences may include an indication that a user will switch from the respective current user device to another user device for future use with the wireless communication network. The method further includes performing an action with respect to the wireless communication network in response to the prediction of future user device preferences.

Abstract: This disclosure describes techniques for identifying most influential customers by determining various influence scores and metrics associated with each in-network customer and off-network customers that communicate with one or more in-network customers. A particular in-network customer can be assigned or have calculated for him or her a social media influence score, a voice call score, and an SMS score, and a particular off-network customer can be assigned or have calculated for him or her an acquisition score. The scores can be used in various context to generate recommendations for products and/or services, provide targeted marketing, and/or conduct performance analysis.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisement or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisement. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.