Abstract
Conventional brute-force attacks can now be detected and identified through statistical analysis of logs and traffic data. However, such analysis fails to detect low-frequency and distributed brute-force attack behaviors, and new detection techniques have emerged to address these attack methods. This study compares various machine learning algorithms and selects two methods for learning from the data: the clustering algorithms k-means and DBSCAN, and the decision tree algorithm. In one approach, normal user login data is integrated with enterprise email log data. The data is first statistically analyzed and filtered, and its characteristics are then quantified using information entropy. Machine learning algorithms are subsequently employed for classification, and the results are visualized. In the other approach, labeled raw data is used to train a model with the decision tree algorithm. By comparing the two analysis results, a more accurate model can be obtained. These analytical methods can help enterprises strengthen email security and defend against low-frequency and distributed brute-force attacks.
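The entropy-then-clustering approach described above, as an added example that is not the paper's code. The abstract does not state which fields are quantified, so the event layout, the two features (entropy of source addresses per account, failure ratio), k=2 and all sample data are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (account, source_ip, success) mail login events.
EVENTS = (
    [("alice", "10.0.0.5", True)] * 6 + [("alice", "10.0.0.5", False)]
    + [("bob", "10.0.0.9", True)] * 4 + [("bob", "10.0.1.9", True)] * 2
    + [("carol", "10.0.0.7", True)] * 5
    # One failure each from 12 distinct addresses: low rate per source,
    # so a per-IP failure counter never crosses a threshold.
    + [("dave", f"198.51.100.{i}", False) for i in range(1, 13)]
    + [("dave", "10.0.0.8", True)] * 2
)

def shannon_entropy(counts):
    """Entropy in bits of a distribution given as raw counts."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def account_features(events):
    """Map account -> (entropy of source IPs, failure ratio). Assumed features."""
    ips, fails, totals = defaultdict(Counter), Counter(), Counter()
    for account, ip, ok in events:
        ips[account][ip] += 1
        totals[account] += 1
        fails[account] += 0 if ok else 1
    return {a: (shannon_entropy(ips[a].values()), fails[a] / totals[a])
            for a in totals}

def two_means(points, iterations=20):
    """Plain k-means with k=2, seeded with the lowest and highest points."""
    centers = [min(points), max(points)]
    for _ in range(iterations):
        groups = [[], []]
        for p in points:
            d = [math.dist(p, c) for c in centers]
            groups[d.index(min(d))].append(p)
        centers = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                   for g, c in zip(groups, centers)]
    return centers

def flag_accounts(events):
    """Return accounts assigned to the cluster with the higher-entropy centre."""
    feats = account_features(events)
    centers = two_means(list(feats.values()))
    suspicious = centers.index(max(centers))
    return sorted(a for a, p in feats.items()
                  if min(range(2), key=lambda i: math.dist(p, centers[i])) == suspicious)
```

On the constructed data, only the account whose failures are spread thinly across many sources lands in the high-entropy cluster, even though no single address fails more than once.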