Challenge
Cloud services are constantly under attack. Static rules for login detection produce too many false alarms and unnecessarily burden security teams. With over 4 million login requests daily, a smarter solution was needed that could distinguish real threats from harmless anomalies.
Solution
- Replacement of static detection rules with a flexible Gradient Boosting model
- Intensive feature engineering phase to identify optimal model characteristics
- Development of efficient low-level data connectors with memory optimizations and parallelization strategies
- Processing of terabytes of login data from AWS Data Lakes
- Integration into the customer's live production system
Our Contribution
- Analysis of existing data (regular logins, confirmed account takeovers)
- Development of a ground-truth dataset as the basis for training
- Development of the machine learning classification model (Gradient Boosting)
- Intensive feature engineering phase to identify optimal model characteristics
- Development of specialized data connectors for efficient processing of terabytes from AWS Data Lakes
- Testing and validation of the model
Results
50–60% fewer false positives at a volume of 4 million login requests per day. The security team can focus on real threats.

