SIGMA-IP: Intelligent Threat Management and Monitoring System for IP Networks
Abstract
The need for dynamic and adaptive security solutions is increasing; in this context, Cyber Threat Intelligence aims to collect, analyze, and interpret relevant information about digital threats. This article presents SIGMA-IP (Intelligent Threat Management and Monitoring System), a solution that autonomously and intelligently manages connections in network infrastructures based on threat data. SIGMA-IP monitors connections, analyzes information collected from public threat databases (such as AbuseIPDB, VirusTotal, Pulsedive, and IPVoid), and uses Machine Learning (ML) to classify connections as Blocklist, Allowlist, or Suspect. The dynamic behavior of SIGMA-IP enables real-time updates, and continuous ML training allows for a rapid and robust response to cyber threats. Experiments conducted in a real network environment indicate that SIGMA-IP effectively detects threats within a timeframe appropriate for mitigating incidents.
Keywords: Network Security, Network Monitoring, Artificial Intelligence, Threat Detection, Traffic Control, Security Automation
Published: 2025-05-19
How to Cite
J. NOBRE, Francisco V.; M. DA COSTA, Yago; O. ALVES, David; S. ARAUJO, Ramon; S. RODRIGUES, Lyedson; B. NETO, Antonio; A. PEREIRA JR., Lourenço; L. GOMES, Rafael. SIGMA-IP: Intelligent Threat Management and Monitoring System for IP Networks. In: WORKSHOP ON MANAGEMENT AND OPERATION OF NETWORKS AND SERVICE (WGRS), 30., 2025, Natal/RN. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 43-56. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2025.8759.
