System for determining anomalies associated with a request

US10382461B1 · US · B1

Patent metadata
Publication number: US-10382461-B1
Application number: US-201615165221-A
Country: US
Kind code: B1
Filing date: May 26, 2016
Priority date: May 26, 2016
Publication date: Aug 13, 2019
Grant date: Aug 13, 2019


Abstract

Official abstract text for this publication.

Described are techniques for identifying anomalous and non-anomalous requests based on metric values determined from a request. Weights to be associated with particular metric values may be determined based on metric data for those values. The metric data may indicate a total number of accesses by requests having a particular metric value, a frequency of access, or particular access times. Based on the weight values and the metric values for the request, a security score for the request may be determined. The security score may indicate a confidence that the request is anomalous or non-anomalous. Potentially anomalous requests may be determined to be non-anomalous if the metric values correspond to known sets of metric values, determined from previous requests. In some cases, metric data may be normalized prior to use to facilitate faster queries and conserve available data storage.
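The scoring flow described in the abstract, with the threshold step from claim 1, as an added Python example (not code from the patent). The patent text on this page gives no formulas, so the weight adjustment, the mean-plus-two-deviations threshold, the metric names and all sample data are assumptions constructed here.

```python
import math
from statistics import mean, pstdev

# Constructed history: metric -> value -> (access count, days since last access).
HISTORY = {
    "origin": {"US": (900, 0), "DE": (95, 1), "BR": (5, 40)},
    "user_agent": {"sdk-python": (700, 0), "curl": (300, 2)},
    "operation": {"GetObject": (950, 0), "DeleteBucket": (50, 30)},
}
BASE_WEIGHT = {"origin": 1.0, "user_agent": 0.5, "operation": 2.0}  # assumed
# Constructed "known sets" of metric values seen in earlier non-anomalous requests.
KNOWN_SETS = {("BR", "sdk-python", "GetObject")}

def normalize(metric, raw):
    # Store only a portion of the value: the user agent name without its version.
    return raw.split("/")[0] if metric == "user_agent" else raw

def modified_weight(metric, value):
    # Assumed formula: rare and long-unseen values keep more of the base weight.
    seen = HISTORY[metric]
    count, age_days = seen.get(value, (0, None))
    ratio = count / sum(c for c, _ in seen.values())
    staleness = 1.0 if age_days is None else 1.0 - math.exp(-age_days / 7)
    return BASE_WEIGHT[metric] * (0.5 * (1.0 - ratio) + 0.5 * staleness)

def security_score(request):
    values = {m: normalize(m, v) for m, v in request.items()}
    if tuple(values[m] for m in HISTORY) in KNOWN_SETS:
        return 0.0  # matches a known non-anomalous combination
    return sum(modified_weight(m, v) for m, v in values.items())

def threshold(previous_scores, k=2.0):
    # Assumed rule: mean plus k standard deviations of earlier scores.
    return mean(previous_scores) + k * pstdev(previous_scores)

def classify(request, previous_scores):
    score = security_score(request)
    return "anomalous" if score > threshold(previous_scores) else "non-anomalous"

PREVIOUS = [0.175, 0.2, 0.3, 0.25, 0.4]  # constructed earlier scores
ROUTINE = {"origin": "US", "user_agent": "sdk-python/1.2.3", "operation": "GetObject"}
RARE = {"origin": "BR", "user_agent": "curl/8.0", "operation": "DeleteBucket"}
KNOWN = {"origin": "BR", "user_agent": "sdk-python/2.0", "operation": "GetObject"}

if __name__ == "__main__":
    for name, req in [("routine", ROUTINE), ("rare", RARE), ("known", KNOWN)]:
        print(name, round(security_score(req), 3), classify(req, PREVIOUS))
```

The KNOWN request would score above the threshold on its rare origin alone; the known-set match is what returns it as non-anomalous.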

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: one or more memories storing computer-executable instructions; and one or more hardware processors configured to execute the computer-executable instructions to: receive a request to access a service; determine at least one metric value associated with the request, the at least one metric value including one or more of: an origin location associated with the request; an identifier associated with the service; a user agent associated with the request; an identifier associated with an entity providing the request; an operation associated with the request; or an indication of a network associated with the request; access weight data indicative of a weight associated with the at least one metric value; determine a frequency of access associated with the at least one metric value; determine a time at which a previous access associated with the at least one metric value occurred; determine a count of accesses associated with the at least one metric value during a first time period; determine a ratio of the count of accesses to a total count of accesses associated with the service; modify the weight based on the frequency of access, the time at which the previous access occurred, the count of accesses, and the ratio to determine a modified weight; based on the modified weight for the at least one metric value, determine a security value associated with the request; based on one or more previous security values determined during a second time period, determine a threshold security value; determine correspondence between the security value associated with the request and the threshold security value, the correspondence indicating a likelihood of an anomaly associated with the request; and perform a control action based on the likelihood of the anomaly.

2. The system of claim 1, further comprising computer-executable instructions to: access normalization data associated with a particular metric value, the normalization data indicating one or more of: a portion of the particular metric value to be stored; a derived value to be determined from the particular metric value; or a mapping between the particular metric value and a mapped value to be determined from the particular metric value; determine one or more of the portion, the derived value, or the mapped value based on the particular metric value; and store the one or more of the portion, the derived value, or the mapped value in association with the request.

3. The system of claim 1, further comprising computer-executable instructions to: access deviation data indicative of one or more sets of metric values associated with non-anomalous requests; and determine correspondence between the at least one metric value and the deviation data, the correspondence indicating that the request is non-anomalous.

4. The system of claim 1, further comprising computer-executable instructions to: access deviation data indicative of one or more sets of metric values associated with non-anomalous requests; determine correspondence between the at least one metric value and the deviation data; and decrease the modified weight for the at least one metric value based on the correspondence between the at least one metric value and the deviation data.

5. A method comprising: determining a metric value associated with a request; determining a weight associated with the metric value; determining metric data including one or more of: a frequency of access associated with the metric value; a time at which a previous access associated with the metric value occurred; a count of accesses associated with the metric value; or a ratio of the count of accesses to a total count of accesses associated with a service targeted by the request; based on the metric data, modifying the weight associated with the metric value to form a modified weight; based on the modified weight and the metric value, determining a security value associated with the request, the security value indicating a likelihood of an anomaly associated with the request; and performing a control action based on the security value.

6. The method of claim 5, further comprising: determining one or more previous security values associated with a time period; generating a threshold security value based on the one or more previous security values; and determining correspondence between the security value and the threshold security value, the correspondence indicating the likelihood of the anomaly associated with the request; wherein the control action is performed based on the correspondence.

7. The method of claim 5, further comprising: accessing normalization data associated with the metric value, the normalization data indicating one or more normalized values to be determined based on the metric value; and determining the one or more normalized values associated with the metric value.

8. The method of claim 7, further comprising: determining one or more of: a quantity of data storage associated with a data storage medium for storing the metric value; or a time associated with searching the data storage medium to determine one or more particular metric values; and generating the normalization data based on the one or more of the quantity of data storage or the time associated with searching the data storage medium.

9. The method of claim 5, wherein the metric value includes a network address associated with the request, and the network address is indicative of one or more of: a country of origin associated with the request, a region of origin associated with the request, a city of origin associated with the request, or a network service provider associated with the request, the method further comprising: determining a time associated with searching a data storage medium to determine the one or more of the country of origin, the region of origin, the city of origin, or the network service provider; generating normalization data based on the time associated with searching the data storage medium, the normalization data indicating a normalized value including one of: the country of origin, the region of origin, the city of origin, or the network service provider; determining the normalized value based on the request; and storing the normalized value in the data storage medium.

10. The method of claim 5, wherein the metric value includes a user agent associated with the request, and the user agent includes one or more of: a version, a name, or a type, the method further comprising: determining a time associated with searching a data storage medium to determine the one or more of the version, the name, or the type; generating normalization data based on the time associated with searching the data storage medium, the normalization data indicating a normalized value including one of: the version, the name, or the type; determining the normalized value based on the request; and storing the normalized value in the data storage medium.

11. The method of claim 5, further comprising: determining at least one second metric value associated with the request, the metric value and the at least one second metric value defining a set of metric values; accessing deviation data indicating one or more sets of metric values associated with one or more non-anomalous requests; and determine correspondence between the deviation data and the set of metric values, the correspondence indicating that the request is non-anomalous; wherein the control action includes one or more of: outputting an indication that the request is non-anomalous or storing the set of metric values as non-anomalous security v

Classifications

  • Traffic logging, e.g. anomaly detection (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 13, 2019 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).