The present invention relates to a web-based illegal login blocking device and method using machine learning. The method comprises: sequentially inputting login information extracted from login traffic information into a primary machine learning model and outputting a primary abnormal login determination result; inputting statistical data, obtained from the primary abnormal login determination result and the login information extracted from the login traffic information over a predetermined time, into a secondary machine learning model and outputting a secondary abnormal login determination result; and blocking an abnormal login attempt according to the secondary abnormal login determination result. According to the present invention, intelligent blocking of random assignment attacks makes it possible to prevent additional information leakage due to account takeover and to prevent normal user accounts from becoming unable to use the service due to locking. In addition, the unnecessary traffic caused by random assignment attacks can be minimized.
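The two-stage flow described above, sketched as an added example that is not taken from the patent: stage 1 judges each login on its own fields, stage 2 judges per-source statistics over a time window, and only stage 2 decides blocking. The feature names, the fixed weights standing in for trained models, the per-source-IP grouping and the sample logins are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed weights standing in for the two trained models (assumption).
W1 = {"bias": -3.0, "unknown_user": 2.0, "scripted_client": 2.0, "failed": 1.5}
W2 = {"bias": -5.0, "abnormal_ratio": 4.0, "distinct_users": 0.5, "attempts": 0.2}

def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def primary_is_abnormal(login, threshold=0.5):
    """Stage 1: judge a single login from its own extracted fields."""
    z = W1["bias"] + sum(W1[k] * login[k] for k in ("unknown_user", "scripted_client", "failed"))
    return _sigmoid(z) >= threshold

def window_statistics(logins, window_start, window_end):
    """Aggregate stage-1 results and login info per source IP over the window."""
    per_ip = defaultdict(lambda: {"attempts": 0, "abnormal": 0, "users": set()})
    for login in logins:
        if window_start <= login["ts"] < window_end:
            s = per_ip[login["ip"]]
            s["attempts"] += 1
            s["abnormal"] += primary_is_abnormal(login)
            s["users"].add(login["user"])
    return {ip: {"attempts": s["attempts"],
                 "abnormal_ratio": s["abnormal"] / s["attempts"],
                 "distinct_users": len(s["users"])} for ip, s in per_ip.items()}

def secondary_block_list(logins, window_start, window_end, threshold=0.5):
    """Stage 2: decide which sources to block from the windowed statistics."""
    blocked = set()
    for ip, f in window_statistics(logins, window_start, window_end).items():
        z = W2["bias"] + sum(W2[k] * f[k] for k in ("abnormal_ratio", "distinct_users", "attempts"))
        if _sigmoid(z) >= threshold:
            blocked.add(ip)
    return blocked

# Constructed sample: one scripted source trying eight accounts, one user who mistypes once.
SAMPLE = [
    {"ts": i, "ip": "203.0.113.7", "user": f"user{i}", "unknown_user": 0, "scripted_client": 1, "failed": 1}
    for i in range(8)
] + [
    {"ts": 10, "ip": "198.51.100.20", "user": "alcie", "unknown_user": 1, "scripted_client": 0, "failed": 1},
    {"ts": 15, "ip": "198.51.100.20", "user": "alice", "unknown_user": 0, "scripted_client": 0, "failed": 0},
]

if __name__ == "__main__":
    print(secondary_block_list(SAMPLE, 0, 60))
```

The mistyped login is flagged by stage 1 alone, but the windowed statistics for that source stay below the stage-2 threshold, so only the scripted source is blocked and no account is locked.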