Application of the Isolation Forest Algorithm and a Rule-Based Method for Brute Force Attack Detection

Muhammad Rifky Dharmawan, Evasaria Magdalena Sipayung

Abstract


Brute force attacks remain one of the most common cyber threats against network authentication services such as Secure Shell (SSH), File Transfer Protocol (FTP), and web-based login systems. The attacker repeatedly tries combinations of usernames and passwords until valid credentials are found. Brute force activity is often difficult to distinguish from legitimate traffic because each individual attempt looks like an ordinary login; the attack shows only in the volume and timing of attempts. An automated approach is therefore required to identify abnormal patterns in network log data. This study implements a brute force attack detection system based on network log analysis using the Isolation Forest algorithm and a Rule-Based method. The dataset consists of network traffic logs captured with Wireshark and exported in CSV format. Preprocessing standardized the log structure, converted timestamps into numerical values, and extracted additional features, including the packet count per source IP address. Isolation Forest was applied as an unsupervised anomaly detection method, so abnormal network activity can be identified without labeled data. A Rule-Based method was then employed as a verification stage that classifies the detected anomalies as brute force attacks according to predefined rules: the presence of specific keywords in the log Info field, repeated login attempts, and a defined time window. The experimental results indicate that Isolation Forest effectively identifies network activity that deviates from normal traffic patterns, and that the Rule-Based stage refines those results by keeping only the anomalies that exhibit brute force characteristics. The combination of the two methods produces more specific and interpretable detection outcomes, as demonstrated by the identification of repeated failed login attempts originating from the same source IP within a short time interval. Detection results are presented as tables and visualizations to support further analysis.
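The two-stage pipeline the abstract describes, as an added worked example rather than code from the paper: a constructed capture in the column layout of a Wireshark CSV export, the preprocessing and per-source feature extraction, a from-scratch Isolation Forest (after Liu, Ting and Zhou, 2008) standing in for whatever implementation the authors used, and the rule-based verification over the anomalies. Everything concrete here is an assumption: the server and attacker addresses, the FTP keywords (USER, PASS, 530), the anomaly-score cut-off of 0.6, and the rule of at least five failed logins within ten seconds. The example also goes one step beyond the abstract in that it scores per source IP rather than per packet.

```python
import csv
import io
import math
import random
from collections import defaultdict

CSV_HEADER = '"No.","Time","Source","Destination","Protocol","Length","Info"'
SERVER = "10.0.0.1"         # assumption: the FTP server in the constructed capture
ATTACKER = "192.168.1.200"  # assumption: the client running the dictionary attack

def build_capture(n_hosts=8, n_guesses=15):
    """Constructed capture in the column layout of Wireshark 'Export Packet Dissections > As CSV'."""
    rows, t = [], 0.0
    def add(src, dst, proto, info):  # one row; the clock advances 0.37 s per packet
        nonlocal t
        t += 0.37
        rows.append(f'"{len(rows) + 1}","{t:.6f}","{src}","{dst}","{proto}","{70 + len(info)}","{info}"')
    for i in range(n_hosts):  # ordinary hosts: a DNS lookup, and every third one logs in once
        host = f"10.0.0.{10 + i}"
        add(host, SERVER, "DNS", "Standard query 0x1a2b A files.example.test")
        add(SERVER, host, "DNS", f"Standard query response 0x1a2b A {SERVER}")
        if i % 3 == 0:
            add(host, SERVER, "FTP", f"Request: USER user{i}")
            add(host, SERVER, "FTP", "Request: PASS correct-horse")
            add(SERVER, host, "FTP", "Response: 230 Login successful.")
    for i in range(n_guesses):  # the attacker: USER/PASS pairs that all draw a 530 reply
        add(ATTACKER, SERVER, "FTP", "Request: USER admin")
        add(ATTACKER, SERVER, "FTP", f"Request: PASS guess{i}")
        add(SERVER, ATTACKER, "FTP", "Response: 530 Login incorrect.")
    return "\n".join([CSV_HEADER] + rows) + "\n"

def parse_wireshark_csv(text):
    """Preprocessing: read the export and convert the Time column to a float."""
    return [dict(p, Time=float(p["Time"])) for p in csv.DictReader(io.StringIO(text))]

def per_source_features(packets):
    """Feature vector per source IP: [packet count, authentication-related packet count]."""
    count, logins = defaultdict(int), defaultdict(int)
    for p in packets:
        count[p["Source"]] += 1
        if p["Info"].startswith(("Request: USER", "Request: PASS")):  # attempts: credit the client
            logins[p["Source"]] += 1
        elif p["Info"].startswith("Response: 530"):                    # failures: credit the client they went to
            logins[p["Destination"]] += 1
    return {ip: [count[ip], logins[ip]] for ip in count}

def c_factor(n):  # average unsuccessful-search path length in a BST; the normaliser of Liu et al. (2008)
    return 0.0 if n <= 1 else 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, max_depth, rng):
    """Random split on a random feature until a row is isolated or the depth limit is reached."""
    if depth >= max_depth or len(rows) <= 1:
        return ("leaf", len(rows))
    feat = rng.randrange(len(rows[0]))
    lo, hi = min(r[feat] for r in rows), max(r[feat] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    return ("node", feat, split,
            build_tree([r for r in rows if r[feat] < split], depth + 1, max_depth, rng),
            build_tree([r for r in rows if r[feat] >= split], depth + 1, max_depth, rng))

def path_length(tree, x, depth=0):
    if tree[0] == "leaf":
        return depth + c_factor(tree[1])
    _, feat, split, left, right = tree
    return path_length(left if x[feat] < split else right, x, depth + 1)

def isolation_scores(rows, n_trees=200, seed=7):
    """Isolation Forest anomaly score in (0, 1]: near 1 means isolated in very few splits."""
    rng, size = random.Random(seed), min(256, len(rows))
    max_depth = max(1, math.ceil(math.log2(size)))
    trees = [build_tree(rng.sample(rows, size), 0, max_depth, rng) for _ in range(n_trees)]
    return [2 ** (-sum(path_length(t, x) for t in trees) / n_trees / c_factor(size)) for x in rows]

def verify_brute_force(packets, candidates, min_failures=5, window=10.0):
    """Rule stage (assumed thresholds): >= min_failures 530 replies to the candidate within `window` seconds."""
    confirmed = []
    for ip in candidates:
        fails = sorted(p["Time"] for p in packets
                       if p["Destination"] == ip and p["Info"].startswith("Response: 530"))
        start = 0
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:
                start += 1
            if end - start + 1 >= min_failures:
                confirmed.append(ip)
                break
    return confirmed

def detect_brute_force(csv_text, score_threshold=0.6):  # the 0.6 cut-off is an assumption
    """Stage 1: Isolation Forest over per-source features. Stage 2: rule-based verification."""
    packets = parse_wireshark_csv(csv_text)
    feats = per_source_features(packets)
    ips = sorted(feats)
    scores = dict(zip(ips, isolation_scores([feats[ip] for ip in ips])))
    anomalies = [ip for ip in ips if scores[ip] >= score_threshold]
    return scores, anomalies, verify_brute_force(packets, anomalies)

if __name__ == "__main__":
    scores, anomalies, confirmed = detect_brute_force(build_capture())
    print({ip: round(s, 3) for ip, s in scores.items()}, anomalies, confirmed)
```

Aggregating per source IP matters more than it looks. In a capture dominated by the attack, the attacker's packets are the majority, so a packet-level Isolation Forest would mark the legitimate traffic as the anomaly; with per-source features the attacker is one sample among many. The FTP server itself tends to score high on packet count, which is exactly the kind of anomaly the rule stage exists to reject: no failed-login replies are addressed to it, so only 192.168.1.200 survives verification.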

Keywords


Brute Force; Isolation Forest; Rule-Based; Wireshark; Anomaly Detection; Network Security.


DOI: http://dx.doi.org/10.33087/jiubj.v26i1.6425

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JOURNAL ADDRESS

JURNAL ILMIAH UNIVERSITAS BATANGHARI JAMBI (JIUBJ)
Published by Lembaga Penelitian dan Pengabdian kepada Masyarakat (Institute for Research and Community Service)
Address: Jl. Slamet Ryadi, Broni-Jambi, Kec. Telanaipura, postal code 36122; email: jiubj.unbari@gmail.com; phone: 0741-670700
