Credential Stuffing: ML Behavioral Model Tuning

AI for Cybersecurity · 6 steps

Briefing

You are a fraud detection engineer at Acme Bank. The login API uses a behavioral ML model that scores each login attempt 0 to 1 for credential-stuffing risk. The model uses features: ASN reputation, user-agent rarity, time-since-last-login, password-leak corpus match, and velocity per IP.

On Black Friday the model flagged 18,000 logins with score above 0.7. Ground-truth review of a 200-sample subset shows 84 percent are real customers shopping from new networks. Auto-block at 0.7 would lock thousands of legitimate users.

This scenario tests ML threshold tuning, credential-stuffing tradecraft, and the trade-off between false positives and missed attacks. Sources: MITRE ATT&CK T1110.004 Credential Stuffing, OWASP Automated Threats OAT-008.

How Crucible mode works

One ordered pass through every step. No clock. Each answer scores against the canonical solution.

Hints reduce the points you can earn for that step. Free-text steps queue for manual review.

What you will practice

01Distinguish credential stuffing, password spraying, and brute force
02Tune precision and recall trade-offs in a deployed ML detector
03Use ASN, user-agent, and velocity features without single-feature traps
04Choose step-up authentication over hard block when uncertainty is high

Back to Range