Intelligent Detection of Malicious IPs through Threat Monitoring
Abstract
The increasing sophistication of cyber threats to online services requires advanced solutions that protect the integrity and confidentiality of data. One approach to this scenario is Threat Intelligence, which plays a crucial role by allowing companies and institutions to collect data on possible threats and, from this data, respond to security incidents. In this context, this article presents a Threat Intelligence solution based on Artificial Intelligence (AI) for preventing cyber threats through the detection of malicious IP addresses. The proposed AI model is fed with data collected from databases on new threats (VirusTotal, AbuseIPDB, Shodan, IBM X-Force, and AlienVault). The data used in the proposed AI model offer valuable indications about suspicious IPs and domains. The results, obtained with this real data, show that the proposed solution can detect threats effectively.
Published
2024-07-21
How to Cite
URBANO, Arthur C.; COSTA, Yago M.; PAULA, Mariana C. de; PORTELA, Ariel L.; PIMENTA, Ivo A.; GOMES, Rafael L. Intelligent Detection of Malicious IPs through Threat Monitoring. In: PROCEEDINGS OF BRAZILIAN SYMPOSIUM ON UBIQUITOUS AND PERVASIVE COMPUTING (SBCUP), 16., 2024, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 21-30. ISSN 2595-6183. DOI: https://doi.org/10.5753/sbcup.2024.2345.
