Utilizing transport layer security (TLS) fingerprints to determine agents and operating systems
US-2018054443-A1 · Feb 22, 2018 · US
US10171495B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10171495-B1 |
| Application number | US-201615178385-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 9, 2016 |
| Priority date | Jun 9, 2016 |
| Publication date | Jan 1, 2019 |
| Grant date | Jan 1, 2019 |
Official abstract text for this publication.
Suspicious connection requests can be detected by analyzing connection parameters at multiple levels of a network framework. For Internet-based requests, unexpected combinations and/or ordering of Layer 6 (TLS) and Layer 7 (HTTP) parameters, for example, can be indicative of suspicious activity with respect to the connection. The connection parameters for a request can be compared against a set of determined signatures and/or analyzed using a trained probability model to determine a probability that the connection is improper. A probability value can be calculated and compared against at least one probability threshold to determine whether the connection is suspicious enough to cause a specified action to occur. The signatures can be updated through an offline or dynamic online process, and the thresholds can vary among the various embodiments.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: receiving, to a resource provider environment, a request for a connection to a resource; determining a set of connection parameters for the request, the connection parameters selected from at least two layers of a networking framework; analyzing the set of connection parameters, prior to establishing the connection to the resource, to determine connection parameter data corresponding to at least one combination of at least a subset of the set of connection parameters; comparing the connection parameter data to a set of connection parameter signatures, each connection parameter signature corresponding to a previously determined combination and ordering of connection parameters having a determined probability of corresponding to a man-in-the-middle attack on a respective connection; determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the connection parameter data; calculating, for the request, a request probability value based at least in part upon the respective probabilities of the one or more matching signatures; comparing the request probability value to a probability threshold; and performing at least one determined action in response to the request probability value exceeding the probability threshold.

2. The computer-implemented method of claim 1, wherein the networking framework corresponds to the Open System Interconnection model, and further comprising: determining a pair of layers of the networking framework from which to select the set of connection parameters, the pair of layers including two layers selected from network layer 3, transport layer 4, session layer 5, presentation layer 6, or application layer 7.

3. The computer-implemented method of claim 1, wherein the set of connection parameter signatures include signatures for at least one of valid connections or connections determined to correspond to suspicious connections, and further comprising: calculating the request probability value using a weighted average of the probabilities for the one or more matching signatures.

4. The computer-implemented method of claim 1, further comprising: selecting the at least one determined action to perform for the request, the at least one determined action including at least one of denying the request, terminating the connection, directing the request to a limited environment, logging information for the request, providing only a partial response for the request, blocking content associated with the request, or withholding compensation associated with the request.

5. A computer-implemented method, comprising: determining, for a connection request, a set of connection parameters of the connection request, the set of connection parameters selected from at least two layers of a networking framework; analyzing a selection of at least a subset of the set of connection parameters to determine a probability score for the connection request prior to establishing the connection, the probability score indicating a likelihood that an aspect of the connection request has been compromised; determining that the probability score exceeds a probability threshold; and performing a specified action for the connection request.

6. The computer-implemented method of claim 5, wherein the networking framework corresponds to the Open System Interconnection model, and further comprising: determining a pair of layers of the networking framework from which to select the set of connection parameters, the pair of layers including two layers selected from network layer 3, transport layer 4, session layer 5, presentation layer 6, or application layer 7.

7. The computer-implemented method of claim 5, wherein the set of connection parameters is a valid set according to the networking framework.

8. The computer-implemented method of claim 5, further comprising: selecting at least one of a combination or an ordering of the selection of connection parameters for the connection request; and analyzing the at least one of the combination or the ordering of the selection using a trained probability model to generate the probability score.

9. The computer-implemented method of claim 8, further comprising: updating, in response to determining the probability score, the trained probability model based at least in part upon the probability score or the at least one of the combination or the ordering.

10. The computer-implemented method of claim 5, further comprising: selecting at least one of a combination or an ordering of the selection of connection parameters for the connection request; comparing the at least one of the combination or the ordering to a set of connection parameter signatures, each connection parameter signature corresponding to at least one of a previously determined combination or ordering of connection parameters having a determined probability of corresponding to a compromised connection request; determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the at least one of the combination or the ordering; and calculating, for the connection request, the probability score based at least in part upon the respective probabilities of the one or more matching signatures.

11. The computer-implemented method of claim 10, further comprising: calculating the probability score using a weighted average of the probabilities for the one or more matching signatures.

12. The computer-implemented method of claim 10, further comprising: logging first request information for the connection request, the request information including at least one of the probability score, the combination, or the ordering; subsequently aggregating the first request information with other request information logged for other connection requests; and generating a new set of connection parameter signatures based at least in part upon the set of connection parameter signatures and using the aggregated first and other request information.

13. The computer-implemented method of claim 5, further comprising: receiving a second connection request; determining that a second probability score for the second connection request exceeds a second probability threshold; and performing a second action for the second connection request.

14. The computer-implemented method of claim 13, further comprising: selecting at least one of the second action or the at least one determined action from at least one of request denial, connection termination, directing to a limited environment, logging information, providing only a partial response, blocking associated content, or withholding associated compensation.

15. A non-transitory computer-readable storage medium storing instructions that, when executed by the at least one processor of a computer system, cause the computer system to: determine, for a connection request, a set of connection parameters of the connection request, the set of connection parameters selected from at least two layers of a networking framework; analyze a selection of at least a subset of the set of connection parameters to determine a probability score for the connection request prior to establishing the connection, the probability score indicating a likelihood that an aspect of the connection request has been compromised; determine that the probability score exceeds a probability threshold; and perform a specified action for the connection request.

16. The non-transitory computer-readable storage medium of claim 15, w
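The detection pipeline that the abstract and claims 1 to 14 describe, worked through as an added example written for this page; it is not code from the patent or its owner. It assumes the request's parameters are already extracted into a per-layer dictionary (layer 6 TLS ClientHello fields, layer 7 HTTP fields), and every value in it is constructed: the client-family ordering profile, the four signatures and their probabilities and weights, the three thresholds and the sample requests are illustrative, not measured data. It goes slightly beyond claim 1 by showing the tiered second threshold of claim 13 and the offline re-estimation of claim 12 in the same code.

```python
"""Multi-layer connection scoring in the shape of claims 1-14 of the page above.

Added example for this page, not code from the patent or its owner. Every
profile, signature probability, weight, threshold and request value below is
constructed for illustration and is not a measured figure.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Connection parameters keyed by OSI layer: 6 = TLS ClientHello, 7 = HTTP.
ConnectionParams = Dict[int, Dict[str, object]]

# Constructed "expected" orderings per client family (claim 8: ordering as a
# feature). A real deployment derives these from observed traffic, not a table.
CLIENT_PROFILES = {
    "Chrome": {
        "cipher_prefix": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                          "TLS_CHACHA20_POLY1305_SHA256"],
        "header_prefix": ["host", "connection", "user-agent"],
    },
}

def ua_family(params: ConnectionParams) -> str:
    """Layer-7 identity claim: which client family the User-Agent asserts."""
    return "Chrome" if "Chrome/" in str(params[7].get("user_agent", "")) else "unknown"

def prefix_mismatch(params: ConnectionParams, layer: int, key: str, profile_key: str) -> bool:
    """True when the observed ordering at `layer` does not begin the way the
    asserted client family is expected to order it (a cross-layer check)."""
    profile = CLIENT_PROFILES.get(ua_family(params))
    if profile is None:
        return False
    observed = [str(x).lower() for x in params[layer].get(key, [])]
    expected = [e.lower() for e in profile[profile_key]]
    return observed[:len(expected)] != expected

@dataclass
class Signature:
    """A previously determined combination/ordering of parameters together with
    the probability that a request matching it is compromised (claim 1)."""
    name: str
    layers: Tuple[int, ...]
    matches: Callable[[ConnectionParams], bool]
    probability: float
    weight: float = 1.0

SIGNATURES: List[Signature] = [
    # A layer-6 protocol version the layer-7 client family would not normally send.
    Signature("legacy_tls_with_modern_ua", (6, 7),
              lambda p: p[6].get("tls_version") in ("TLSv1.0", "TLSv1.1")
              and ua_family(p) == "Chrome", probability=0.9, weight=2.0),
    Signature("cipher_order_mismatch", (6, 7),
              lambda p: prefix_mismatch(p, 6, "cipher_suites", "cipher_prefix"), 0.7),
    Signature("header_order_mismatch", (7,),
              lambda p: prefix_mismatch(p, 7, "header_order", "header_prefix"), 0.3),
    # Host header present but no SNI: the two layers disagree about the target name.
    Signature("host_without_sni", (6, 7),
              lambda p: not p[6].get("sni") and bool(p[7].get("host")), 0.6),
]

# Claims 4, 13, 14: thresholds checked strictest-first, each with its action.
THRESHOLDS: List[Tuple[float, str]] = [
    (0.85, "deny"), (0.50, "limited_environment"), (0.20, "log"),
]

def weighted_probability(matched: List[Signature]) -> float:
    """Claims 3/11: weighted average of the matched signatures' probabilities."""
    if not matched:
        return 0.0
    total = sum(s.weight for s in matched)
    return sum(s.probability * s.weight for s in matched) / total

def evaluate(params: ConnectionParams, signatures: List[Signature] = SIGNATURES) -> Dict[str, object]:
    """Claim 1 end to end, run before the connection is established: match the
    signatures whose layers are present, reduce to one probability, pick the action."""
    matched = [s for s in signatures
               if all(layer in params for layer in s.layers) and s.matches(params)]
    probability = weighted_probability(matched)
    action = next((a for t, a in THRESHOLDS if probability > t), "allow")
    return {"probability": probability, "matched": [s.name for s in matched], "action": action}

def reestimate(sig: Signature, outcomes: List[Tuple[bool, bool]]) -> float:
    """Claims 9/12: offline update from logged (matched, later confirmed compromised)
    pairs; returns the refreshed P(compromised | match), unchanged if never matched."""
    hits = [compromised for matched, compromised in outcomes if matched]
    return sig.probability if not hits else sum(hits) / len(hits)

# Constructed requests (not captured traffic).
CHROME_UA = "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0"
BENIGN: ConnectionParams = {
    6: {"tls_version": "TLSv1.3", "sni": "example.com",
        "cipher_suites": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                          "TLS_CHACHA20_POLY1305_SHA256",
                          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]},
    7: {"user_agent": CHROME_UA, "host": "example.com",
        "header_order": ["Host", "Connection", "User-Agent", "Accept"]},
}
SUSPECT: ConnectionParams = {   # TLS 1.0, reordered ciphers and no SNI, yet a Chrome UA
    6: {"tls_version": "TLSv1.0", "sni": None,
        "cipher_suites": ["TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"]},
    7: {"user_agent": CHROME_UA, "host": "example.com",
        "header_order": ["Host", "Connection", "User-Agent"]},
}
MILD: ConnectionParams = {      # only the HTTP header order is off
    6: dict(BENIGN[6]),
    7: {"user_agent": CHROME_UA, "host": "example.com",
        "header_order": ["User-Agent", "Host", "Connection"]},
}

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspect", SUSPECT), ("mild", MILD)):
        print(name, evaluate(req))
```

With these constructed values the suspect request matches three signatures and scores (0.9·2 + 0.7 + 0.6) / 4 = 0.775, which clears the second threshold but not the first, so it is routed to the limited environment rather than denied; the mild request scores 0.3 and is only logged. The design point worth noting is that every signature is a cross-layer predicate over a combination or ordering, not a lookup of a single header or version, which is what lets a layer-7 identity claim be checked against the layer-6 evidence.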
Processing captured monitoring data, e.g. for logfile generation · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Machine learning · CPC title