Adaptive Brute Force Attack Detection Based on Behavioral Profiling And Machine Learning

Abstract

In addition to the growing use of digital services, brute force accesses are now popular ways of breaching the security of the information and integrity of the system. Traditional detection systems, such as simple threshold-based systems, have a large false positive rate and will not react to legitimate user behavior, particularly to low-rate stealthy attacks. The paper proposes an intelligent and dynamic brute force login attempt identification system that is composed of behavioral analytics, machine learning (Isolation Forest and LSTM), and adaptive thresholding. As experimental results on synthetic and real authentication log datasets show, the proposed framework works: In synthetic datasets (60 attacks injected), the hybrid framework was able to identify all attacks with Recall = 1.0, Precision = 0.92 and F1-Score = 0.96, with a larger decrease in false positives than the approaches of using only static thresholds. The model obtained Recall = 1.0, Precision = 0.92 and F1-Score = 0.96 on 10,000-login attempt logs with 34 known attacks and high-frequency and low-rate stealthy attacks. Overfitting was also prevented using cross-validation, feature normalization, and dropout of LSTM, and early stopping and strong generalization was demonstrated to unseen data. The proposed framework contributes an efficient, scalable, and context-sensitive framework for the real-time detection of brute force attacks, and it demonstrates a significant enhancement over the traditional techniques and a foundation for an intelligent system in intrusion detection in the future.