Abstract: A computerized method for detecting fraud includes obtaining frequency information on entities in transaction data for at least one individual account, converting frequency information to a frequency variable, and predicting whether an activity is fraudulent in response to the frequency variable. In some embodiments, the frequency variable is used with at least one other variable to predict fraudulent activity.

Abstract: A system and method of detecting command and control behavior of malware on a client computer is disclosed. One or more DNS messages are monitored from one or more client computers to a DNS server to determine a risk that one or more client computers is communicating with a botnet. Real-time entity profiles are generated for at least one of each of the one or more client computers, DNS domain query names, resolved IP addresses of query domain names, client computer-query domain name pairs, pairs of query domain name and corresponding resolved IP address, or query domain name-IP address cliques based on each of the one or more DNS messages. Using the real-time entity profiles, a risk that any of the one or more client computers is infected by malware that utilizes DNS messages for command and control or illegitimate data transmission purposes is determined. One or more scores are generated representing probabilities that one or more client computers is infected by malware.

Abstract: A system and method of detecting command and control behavior of malware on a client computer is disclosed. One or more DNS messages are monitored from one or more client computers to a DNS server to determine a risk that one or more client computers is communicating with a botnet. Real-time entity profiles are generated for at least one of each of the one or more client computers, DNS domain query names, resolved IP addresses of query domain names, client computer-query domain name pairs, pairs of query domain name and corresponding resolved IP address, or query domain name-IP address cliques based on each of the one or more DNS messages. Using the real-time entity profiles, a risk that any of the one or more client computers is infected by malware that utilizes DNS messages for command and control or illegitimate data transmission purposes is determined. One or more scores are generated representing probabilities that one or more client computers is infected by malware.

Abstract: A computerized method for detecting fraud includes obtaining frequency information on entities in transaction data for at least one individual account, converting frequency information to a frequency variable, and predicting whether an activity is fraudulent in response to the frequency variable. In some embodiments, the frequency variable is used with at least one other variable to predict fraudulent activity.

Abstract: A computerized method for detecting fraud includes obtaining frequency information on entities in transaction data for at least one individual account, converting frequency information to a frequency variable, and predicting whether an activity is fraudulent in response to the frequency variable. In some embodiments, the frequency variable is used with at least one other variable to predict fraudulent activity.

Abstract: A computerized method for detecting fraud includes obtaining frequency information on entities in transaction data for at least one individual account, converting frequency information to a frequency variable, and predicting whether an activity is fraudulent in response to the frequency variable. In some embodiments, the frequency variable is used with at least one other variable to predict fraudulent activity.