Volatility-based Classifier for Security Solutions
US-2016021124-A1 · Jan 21, 2016 · US
US9906542B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9906542-B2 |
| Application number | US-201514673453-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 30, 2015 |
| Priority date | Mar 30, 2015 |
| Publication date | Feb 27, 2018 |
| Grant date | Feb 27, 2018 |
Official abstract text for this publication.
Various implementations provide an approach to control testing frequency based on behavior change detection. Behavior change detection is utilized, instead of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In at least some implementations, a behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. In this way, the changes may be used to compute a volatility score, which the system uses to control testing frequency of one or more services, such as URLs that are part of a particular service.
Opening claim text (preview).
What is claimed is:

1. A method of testing, by a computing device, a service provided by one or more computing devices for security threats, the method comprising: obtaining, by the computing device, a volatility map for one or more services, the one or more services including the service, and the volatility map including: a universal resource locator (URL) associated with the service, and a volatility score that describes an amount of change in behavior associated with the URL; calculating, by the computing device, a testing frequency for the URL based at least in part on the volatility score, the testing frequency being a frequency at which the computing device tests the URL; and controlling testing, by the computing device, of the URL according to the calculated testing frequency.

2. The method of claim 1, wherein the changes in the behavior are independent of changes to content served by the service.

3. The method of claim 1, wherein the calculating is performed such that the testing frequency is increased in response to increases in the volatility score.

4. The method of claim 1, wherein the amount of change is calculated by: collecting data associated with an initial behavior phase of the service; collecting data associated with an exercised behavior phase of the service; and computing a deviation between the initial behavior phase and the exercised behavior phase.

5. The method of claim 4, wherein: collecting data associated with the initial behavior phase comprises using a meta-domain descriptor in a specific context triggered by a matrix execution; or collecting data associated with the exercised behavior phase comprises using a meta-domain descriptor in a specific context triggered by a matrix execution.

6. The method of claim 4, wherein collecting data associated with the initial behavior phase comprises using a meta-domain descriptor in a specific context triggered by a matrix execution; and wherein collecting data associated with the exercised behavior phase comprises using the meta-domain descriptor in a specific context triggered by the matrix execution.

7. The method of claim 6, wherein the meta-domain descriptor is a collection of objects described in an independent context.

8. The method of claim 7, wherein the meta-domain descriptor includes an extractor that extracts specific objects from a page and a collection of features which define what a behavior means.

9. The method of claim 4, wherein collecting data associated with the initial behavior phase and collecting data associated with the exercised behavior phase are performed over different finite time periods having the same length.

10. The method of claim 4, wherein collecting data associated with the initial behavior phase defines a set of values and wherein collecting data associated with the exercised behavior phase defines another set of values and further comprising clustering both sets of values into respective clusters.

11. A service testing system comprising: one or more processors; and a memory storing instructions executable by the one or more processors and that, when executed by the one or more processors, configure the service testing system to: obtain a volatility map for a service to be tested, the volatility map including a universal resource locator (URL) associated with the service and a volatility score that quantifies a change between an initial behavior of the service and an exercised behavior of the service; calculate a testing frequency for the URL based at least in part on the volatility score of the service; and control testing of the URL using the calculated testing frequency.

12. The service testing system of claim 11, wherein the volatility scores describe an amount of change in behavior associated with the URLs.

13. The service testing system of claim 11, wherein the calculating is performed such that the testing frequency is increased in response to increases in the volatility score.

14. The service testing system of claim 11, wherein the calculating is performed dynamically to reflect changes in the volatility map.

15. A computing device to control testing frequency of a service provided by one or more computing devices, the computing device comprising: one or more processors; and one or more computer-readable storage media comprising instructions stored thereon that, responsive to execution by the one or more processors, causes the one or more processors to perform operations comprising: calculating a volatility map for the service to be tested, the volatility map including a universal resource locator (URL) of the service and a volatility score that quantifies changes in exercised behavior of the service independent of changes to content served by the service; calculating a testing frequency for the URL based at least in part on the volatility score of the service; and controlling testing of the URL according to the calculated testing frequency.

16. The computing device of claim 15, wherein the volatility scores describe an amount of change in behavior associated with the URL.

17. The computing device of claim 15, wherein the calculating is performed such that the testing frequency is increased in response to increases in the volatility score.

18. The computing device of claim 15, wherein the calculating is performed dynamically to reflect changes in the volatility map.

19. The computing device of claim 15, wherein the changes in the exercised behavior are calculated by: collecting data associated with an initial behavior phase of the service; collecting data associated with the exercised behavior phase of the service; and computing a deviation between the initial behavior phase and the exercised behavior phase.

20. The computing device of claim 15, wherein the service is one of a plurality of services; wherein the volatility map includes volatility scores and URLs corresponding to respective ones of the plurality of services; and wherein the operations further comprise: calculating a plurality of test frequencies, respective ones of the plurality of test frequencies corresponding to respective ones of the URLs of the plurality of services, the calculating being based at least in part on the volatility scores corresponding to the plurality of services, and controlling testing of the URLs according to the plurality of test frequencies.
Traffic logging, e.g. anomaly detection · CPC title