I really like your plugin and I especially like the table you create and track the attempts.
I also really like the knobs you've built into the plugin to set the various 'alert' levels including time based interval tuning.
This is a suggestion for perhaps added function to this plugin (and feel free to point me elsewhere if WordPress already does this).
A popular security tool for folks who run their own servers is http://www.fail2ban.org/wiki/index.php/Main_Page Fail2Ban. This tool basically works by watching log files for events and then inserting the offending IP address directly into a firewall block list.
I am pretty sure all you need to do to your plugin is add some basic SYSLOG reporting allowing folks to a) turn it on b)set the SYSLOG parameters and c) be sure to include the IP address etc. If I were to use it, I'd want the SYSLOG message generated with the same controls that your email notification currently uses.
Just some thoughts. I'd be happy to test out any changes you might make. One of my sites is under dictionary attack by an IP address that tries ONE admin password every 10-15 minutes 7x24