Techniques for determining anomalous user behavior in connection with an online application are disclosed. In one embodiment, a method is disclosed comprising obtaining user behavior data in connection with a user of an application, generating feature data using the obtained user behavior data, obtaining one or more user behavior anomaly predictions from one or more anomaly prediction models trained to output a user behavior anomaly prediction in response to the feature data. Each user behavior anomaly prediction indicates a probability that the user behavior is anomalous. A user behavior anomaly determination is made using the user behavior anomaly prediction(s).

A processor may identify one or more predicted microservice chains for each of one or more user profiles. The one or more predicted microservice chains may be selected based on historical information. The one or more user profiles may each be associated with a respective user of a user device. The processor may analyze user specific information. The user specific information may be associated with the user device. The processor may determine, based on the user specific information, if the user device causes network intrusion. The processor may perform, based on the determination, an action for the user device.

Provided are methods and systems related to communications between a social media service or provider (e.g., Twitter®, Facebook®) or other resource (e.g., web page) and one or more content providers. In an aspect, provided are methods, comprising receiving user information and a user agnostic identifier, providing an access element configured to provide access to content from a content provider based on the user information and the user agnostic identifier, receiving, from the content provider, a notification indicative of a user interaction with the content based on a user accessing the content, and tracking user behavior based on at least one of the user information, the user agnostic identifier, the access element, and the notification.

A server system for a map-based social media platform maintains user location information to enable the rendering of friend icons on a map at a corresponding display locations. The system maintains a per user access control list (ACL) that lists all users whose icons can be viewed by a requesting user. The ACL can include a designation of respective display granularity levels for different friend users.

One or more computing devices, systems, and/or methods for cross-domain action prediction are provided. Action sequence embeddings are generated based upon a textual embedding and a graph embedding utilizing past user action sequences corresponding to sequences of past actions performed by users across a plurality of domains. An autoencoder is trained to utilize the action sequence embeddings to project the action sequence embeddings to obtain intent space vectors. A service switch classifier is trained using the intent space vectors. In response to the service switch classifier predicting that a current user will switch from a current domain to a next domain, the current user is provided with a recommendation of an action corresponding to the next domain.

An information processing apparatus including a control unit configured to perform obtaining result data indicating a result of locking and unlocking performed by a locking and unlocking device that performs locking and unlocking based on authentication information obtained from a portable terminal carried by a user, and generating, based on the result data, proposal data including a proposal for a service to be provided to the user.

Systems, methods, and media are used to identify phishing attacks. A notification of a phishing attempt with a parameter associated with a recipient of the phishing attempt is received at a security management node. In response, an indication of the phishing attempt is presented in a phishing attempt search interface. The phishing attempt search interface may be used to search for additional recipients, identify which recipients have been successfully targeted, and provide a summary of the recipients. Using this information, appropriate security measures in response to the phishing attempt for the recipients may be performed.

Example methods and apparatus for associating media devices with a demographic composition of a geographic area are disclosed. Disclosed example apparatus are to obtain a plurality of Internet Protocol addresses assigned to a media device associated with a panel member. Disclosed example apparatus are also to determine a most used Internet Protocol address from the plurality of Internet Protocol addresses, determine a geographic location corresponding to the most used Internet Protocol address, associate a geographic area with the media device in response to a determination that the geographic location corresponds to a location of an internet service provider, determine a demographic profile associated with the geographic area, and associate the demographic profile with the media device.

Methods, apparatus, systems, and articles of manufacture to monitor mobile Internet usage are disclosed. Example apparatus disclosed herein to monitor application usage associated with a device means for differentiating between foreground requests and background requests included in a burst of logged requests. Disclosed example apparatus further include means for calculating a presentation duration for a first application executed by the device based on at least a subset of the foreground requests identified in the burst of logged requests.

In an approach to longevity management of social network data, a computer detects a posting of a social artifact by a first user of a social network. A computer stores the social artifact with associated identification information. A computer stores activity associated with the social artifact by one or more other users. A computer detects a status change in an account associated with the first user, wherein the status change indicates the first user is not active in the social network. In response to detecting the status change, a computer determines a second user from the one or more other users to which to transfer the social artifact based on the social artifact, the associated identification information, and the activity associated with the social artifact by the one or more other users. A computer transfers the social artifact to an account associated with the second user on the social network.