Security Analysis & Detection
Authentication logs are high-volume and low-signal. Brute force attacks, slow credential spraying, and simple user mistakes are often mixed together, creating alert fatigue and missed risk. This project demonstrates a practical, explainable approach to detection that classifies behavior before alerting.
Project Overview
This case study focuses on analyzing authentication logs to distinguish malicious activity from benign behavior. Rather than relying on static thresholds, the analysis evaluates patterns over time to identify meaningful anomalies and present findings in a format suitable for human review.
What Was Delivered
- Python-based authentication log analysis
- Classification of brute force attacks
- Identification of slow credential spraying attempts
- Separation of benign user login errors
- Explainable findings with timestamps and context
- Human-readable security report output
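As an added illustration of the time-based classification described above (example code written for this page, not the project's own analysis), the following Python labels each source in a constructed set of authentication events as brute force, credential spraying, or benign user error and renders explainable report lines. The thresholds, source IPs, account names and timestamps are assumptions chosen for the sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (ISO timestamp, source IP, account, result); not real log data.
BRUTE = [(f"2024-05-01T10:00:{i:02d}", "10.0.0.5", "admin", "fail") for i in range(12)]
SPRAY = [(f"2024-05-01T{11 + i // 6:02d}:{(i % 6) * 10:02d}:00", "198.51.100.7", f"user{i:02d}", "fail")
         for i in range(8)]
BENIGN = [("2024-05-01T13:00:00", "192.0.2.9", "alice", "fail"),
          ("2024-05-01T13:00:20", "192.0.2.9", "alice", "fail"),
          ("2024-05-01T13:00:45", "192.0.2.9", "alice", "success")]
EVENTS = BRUTE + SPRAY + BENIGN

def classify(events, window=timedelta(minutes=5), brute_min=10, spray_accounts=5):
    """Group events per source and label each source by its pattern over time (thresholds are assumed)."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [r for r in rows if r[2] == "fail"]
        accounts = {u for _, u, _ in fails}
        first, last = rows[0][0], rows[-1][0]
        ctx = {"first_seen": first.isoformat(), "last_seen": last.isoformat(),
               "failures": len(fails), "accounts": len(accounts)}
        # Brute force: many failures against one or two accounts inside a short window.
        if len(fails) >= brute_min and len(accounts) <= 2 and last - first <= window:
            verdict, why = "brute_force", "many failures against one account in a short window"
        # Credential spray: few attempts per account, many accounts, spread out over time.
        elif len(accounts) >= spray_accounts and len(fails) <= 2 * len(accounts) and last - first > window:
            verdict, why = "credential_spray", "few attempts each across many accounts, spread over time"
        # Benign user error: a handful of failures that end in a successful login.
        elif 0 < len(fails) <= 3 and rows[-1][2] == "success":
            verdict, why = "benign_user_error", "a few failures followed by a successful login"
        else:
            verdict, why = "needs_review", "pattern does not match a known profile"
        findings[src] = {"verdict": verdict, "reason": why, **ctx}
    return findings

def render_report(findings):
    """Human-readable lines carrying the timestamps and context behind each verdict."""
    return [f"{src}: {f['verdict']} ({f['reason']}); {f['failures']} failures across "
            f"{f['accounts']} account(s), {f['first_seen']} to {f['last_seen']}"
            for src, f in sorted(findings.items())]

if __name__ == "__main__":
    print("\n".join(render_report(classify(EVENTS))))
```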
Project Walkthrough
The video below walks through the analysis process, explaining how different behaviors were identified and why certain activity was classified as malicious or benign.
Sample Artifact
The analysis produces a clear, review-ready report summarizing findings and highlighting anomalous activity.