Conventional brute-force attacks can now be detected and identified through statistical analysis of logs and traffic data. Such methods, however, fail to detect low-frequency and distributed brute-force attack behaviors. New detection techniques have emerged to address these attack methods. This study compares several machine learning algorithms and selects two approaches for learning from the data: the clustering algorithms k-means and DBSCAN, and the decision tree algorithm. In the first approach, normal user login data is combined with enterprise email log data; the data is first statistically analyzed and filtered, its characteristics are then quantified using information entropy, and finally the machine learning algorithms are applied for classification and the results are visualized. In the second approach, labeled raw data is used to train a model with the decision tree algorithm. Comparing the two sets of results yields a more accurate model. These analytical methods can help enterprises strengthen email security and defend against low-frequency and distributed brute-force attacks.
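As an added illustration of the information-entropy feature step described above (example code written here, not the study's own implementation), the following Python computes per-account entropy features from constructed email login log lines; it assumes a simple CSV-like log of timestamp, source IP, username and result, and stops short of the clustering and decision-tree stages:

```python
"""Entropy features from e-mail login logs for spotting low-frequency,
distributed password guessing (added example, constructed data)."""
import math
from collections import Counter, defaultdict

# Constructed sample log: "timestamp,source_ip,username,result".
# alice/bob are normal users; "ceo" receives one failed attempt per
# source IP, spread across the day (a low-frequency, distributed pattern).
SAMPLE_LOG = """\
2024-03-01T08:02:11,10.0.0.5,alice,OK
2024-03-01T08:03:40,10.0.0.5,alice,FAIL
2024-03-01T08:04:02,10.0.0.5,alice,OK
2024-03-01T09:15:00,10.0.0.7,bob,OK
2024-03-01T01:10:00,198.51.100.1,ceo,FAIL
2024-03-01T05:45:00,198.51.100.2,ceo,FAIL
2024-03-01T11:20:00,198.51.100.3,ceo,FAIL
2024-03-01T17:05:00,198.51.100.4,ceo,FAIL
2024-03-01T22:30:00,198.51.100.5,ceo,FAIL
"""

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def parse_log(text):
    """Parse the CSV-like log into dicts with hour-of-day, ip, user, fail."""
    rows = []
    for line in text.splitlines():
        ts, ip, user, result = line.strip().split(",")
        rows.append({"hour": int(ts[11:13]), "ip": ip,
                     "user": user, "fail": result == "FAIL"})
    return rows

def account_features(rows):
    """Per-username feature vector: attempt count, failure ratio,
    source-IP entropy and hour-of-day entropy.  A distributed guess
    spreads over many IPs and hours, so both entropies are high even
    though each IP contributes only a single attempt; a real user's
    logins cluster on few IPs and hours and score near zero."""
    by_user = defaultdict(list)
    for r in rows:
        by_user[r["user"]].append(r)
    return {user: {"attempts": len(rs),
                   "fail_ratio": sum(r["fail"] for r in rs) / len(rs),
                   "ip_entropy": entropy(r["ip"] for r in rs),
                   "hour_entropy": entropy(r["hour"] for r in rs)}
            for user, rs in by_user.items()}
```

These feature vectors are the input one would hand to k-means/DBSCAN or use, with labels, to train a decision tree.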