> The largest ring that I saw went from zero to 3000 to 4000 attempts a day in a week.
> which means that the attacker isn't supposed to "learn" between attacks
Those are key takeaways and I'm glad someone else (on this side of the job) understands it.
It's a hard problem for anyone to solve. Not to self-promote, but I'm working on something that doesn't rely on machine learning; instead, it's focusing on patterns.
Because I used to be that guy that you worried about. Now, I'm the guy that the guys that you worry about worry about.
I wish you luck, and if you succeed I'm sure that there will be some three-letter agencies knocking on your door. I've had some luck using off-the-shelf clustering algorithms, but they are too CPU-intensive to run in real time and require an investigator to interpret (great productivity boost though).