Sentiment analysis for fraud detection

What is claimed is: 1 . A system comprising: a non-transitory memory storing instructions; and one or more hardware processors configured to execute the instructions from the non-transitory memory to cause the system to perform operations comprising: accessing a log of a sequence of actions taken by a user associated with a network-accessible software service; generating, using a word embedding algorithm on the sequence of actions, a representation of the sequence of actions within a vector space; performing a sentiment analysis, using a trained prediction model, on the sequence of actions taken by the user; determining, based on a result of the sentiment analysis, whether the sequence of actions indicates a propensity of the user to perform one or more types of prohibited transactions using the network-accessible software service; determining a mitigation action based on determining the sequence of actions indicates the propensity of the user to perform one or more types of prohibited transactions using the network-accessible software service; and executing the mitigation action. 2 . The system of claim 1 , wherein the word embedding algorithm is a word2vec algorithm. 3 . The system of claim 1 , wherein performing the sentiment analysis is based on the word embedding algorithm to determine the propensity of the user to perform the one or more types of prohibited transactions. 4 . The system of claim 3 , wherein the sentiment analysis is performed on the word embedding algorithm into the vector space. 5 . The system of claim 3 , wherein the trained prediction model is trained using sequences of user actions known to correspond to user accounts that have been classified as being involved with prohibited sequences of one or more transactions performed via the network accessible software service. 6 . The system of claim 1 , wherein using the trained prediction model uses a long short-term memory recurrent neural network (LSTM RNN). 7 . The system of claim 1 , wherein the operations further comprise: converting the log of actions of the user into a data structure, wherein using the word embedding algorithm is performed on the data structure. 8 . The system of claim 7 , wherein each session of the user on the network-accessible software service is represented as a sentence in the data structure and each action of the log of the sequence of actions is assigned a different word in a vocabulary of words. 9 . The system of claim 1 , wherein: the log of actions of the user on the network-accessible software service comprises an ordered set of actions performed through an account associated with the user on the network-accessible software service, and the ordered set of actions comprises at least one of: opening the account, logging into the account, changing a setting associated with the account, performing a transaction using the account, or waiting a period of time between performing account actions. 10 . The system of claim 1 , wherein the mitigation action comprises at least one of: restricting an account associated with the user, monitoring the account associated with the user, alerting an administrator about the account associated with the user, requiring an identity verification of the user, stopping pending transactions of the user, or raising a risk score of the account associated with the user to perform subsequent actions. 11 . A method comprising: accessing a log of a sequence of actions taken through a plurality of user accounts associated with a network-accessible software service; converting the log of the sequence of actions into a plurality of data structures, each of the plurality of data structures associated with a different user account of the plurality of user accounts; applying a word embedding algorithm to the plurality of data structures to produce a representation of the sequence of actions within a vector space; performing a sentiment analysis, using a trained prediction model, on the plurality of data structures; determining, based on a result of the sentiment analysis, whether one or more sequences of actions in the sequence of actions indicate a fraudulent account sentiment; determining at least one of the plurality of user accounts has the fraudulent account sentiment based on the sentiment analysis; and taking a mitigation action for each of the at least one of the plurality of user accounts that has the fraudulent account sentiment. 12 . The method of claim 11 , wherein determining at least one of the plurality of user accounts has the fraudulent account sentiment comprises: determining a sentiment score for each of the plurality of user accounts using the trained prediction model, and comparing the sentiment score for each of the plurality of user accounts with a threshold. 13 . The method of claim 12 , further comprising selecting the mitigation action again based on the sentiment score for each of the at least one of the at least one of the plurality of user accounts that has the fraudulent account sentiment. 14 . The method of claim 11 , wherein the sentiment analysis is performed using a long short-term memory recurrent neural network (LSTM RNN). 15 . The method of claim 11 , wherein each session of a user account of the plurality of user accounts is represented as a sentence in a data structure of the plurality of data structures and each action of the sequence of actions is assigned a different word in a vocabulary representing different user actions. 16 . The method of claim 11 , wherein the fraudulent account sentiment comprises an indication that an account of the plurality of user accounts has performed one or more prohibited transactions associated with the network-accessible software service. 17 . A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause performance of operations comprising: accessing a sequence of actions for a plurality of accounts, the plurality of accounts comprising a plurality of known non-fraudulent accounts and a plurality of known fraudulent accounts, the plurality of known non-fraudulent accounts comprising accounts with a first sequence of actions having a categorized benign sentiment and the plurality of known fraudulent accounts comprising accounts having a second sequence of actions with a categorized fraudulent sentiment; generating, using a word embedding algorithm on the sequence of actions, a representation of the sequence of actions within a vector space; accessing a prediction model for sentiment analysis; applying the representation of the sequence of actions within the vector space to the prediction model using a neural network that is configured to receive an input of a sequence of actions of an unclassified user account and an output a likelihood of prohibited user activity of the unclassified user account; retrieving the sequence of actions of the unclassified user account; and determining the likelihood of prohibited user activity of the unclassified user account using the prediction model and the sequence of actions of the unclassified user account. 18 . The non-transitory machine-readable medium of claim 17 , wherein the operations further comprise converting each distinct action type of the sequences of actions for the plurality of accounts into a separate word or a symbol in a vocabulary of words or symbols for use with the word embedding algorithm. 19 . The non-transitory machine-readable medium of claim 18 , wherein generating the re