Blacklist-based Malicious IP Traffic Detection


Year of publication 2015
Type Article in Proceedings
Conference Proceedings of Global Conference on Communication Technologies (GCCT)
MU Faculty or unit Faculty of Informatics
Field Informatics
Keywords Cyber attacks; botnet; malicious IP; malware; intrusion detection system.
Description At present, malicious software (malware) has increased considerably and forms a serious threat to Internet infrastructure. It has become the major source of most malicious activity on the Internet, such as direct attacks, (distributed) denial-of-service (DoS) activity and scanning. Infected machines may join a botnet and be used as remote attack tools that perform malicious activities under the control of the botmaster. In this paper we present our methodology for detecting any connection to or from a malicious IP address that is expected to be a command and control (C&C) server. Our detection method is based on a blacklist of malicious IPs. This blacklist is formed from several intelligence feeds at once. We process the network traffic and match the source and destination IP addresses of each connection against the IP blacklist. The intelligence feeds are updated automatically each day, and the detection runs in real time.
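The matching step described in the abstract, written out as an added example (this is not the paper's code and the feed entries and flow records are constructed placeholders, not real indicators). It merges several feeds into one blacklist, checks both endpoints of every connection, and goes slightly beyond the text in that feed entries may also be CIDR ranges, which real feeds commonly contain; the feed formats, the `Blacklist` class and the tuple layout of a flow record are assumptions of the example.

```python
"""Blacklist-based matching of connection records against merged IP feeds.

Added example: not the paper's implementation. Feeds and flow records below
are constructed for illustration (documentation/test address ranges only).
"""
import ipaddress

# Constructed feed contents. The paper refreshes its feeds daily; here they
# are inline strings so the example runs offline.
FEED_A = """
# feed A: plain IPv4 addresses, one per line
198.51.100.23
203.0.113.7
"""

FEED_B = """
# feed B: CIDR ranges and addresses, ';' starts a comment
203.0.113.0/28 ; constructed sinkholed C&C range
192.0.2.200
"""


def parse_feed(text):
    """Return ip_network objects for one feed.

    Blank lines and comments ('#' or ';') are ignored, and entries that do
    not parse are skipped rather than aborting the whole refresh.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


class Blacklist:
    """Blacklist merged from several feeds.

    Single hosts go into a set for O(1) membership tests; ranges are kept in
    a list and checked by containment. Duplicates across feeds collapse.
    """

    def __init__(self, feeds):
        self.hosts = set()
        self.ranges = []
        for feed in feeds:
            for net in parse_feed(feed):
                if net.num_addresses == 1:
                    self.hosts.add(net.network_address)
                else:
                    self.ranges.append(net)

    def lookup(self, ip_str):
        """Return the blacklist entry that matches ip_str, or None."""
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            return None  # malformed field in the flow record: no match
        if ip in self.hosts:
            return str(ip)
        for net in self.ranges:
            if ip in net:
                return str(net)
        return None


def match_connections(blacklist, records):
    """Match each (timestamp, src_ip, dst_ip, dst_port) record.

    Both endpoints are checked, because a bot connects out to the C&C
    server and the server may also connect in. Returns a list of alerts.
    """
    alerts = []
    for ts, src, dst, port in records:
        for role, ip in (("src", src), ("dst", dst)):
            hit = blacklist.lookup(ip)
            if hit is not None:
                alerts.append({"time": ts, "direction": role, "ip": ip,
                               "matched": hit, "dst_port": port})
    return alerts


# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("2015-01-01T10:00:00", "10.0.0.5", "198.51.100.23", 443),   # outbound to listed host
    ("2015-01-01T10:00:01", "10.0.0.6", "93.184.216.34", 80),    # clean
    ("2015-01-01T10:00:02", "203.0.113.9", "10.0.0.7", 8080),    # inbound from listed range
    ("2015-01-01T10:00:03", "10.0.0.8", "not-an-ip", 22),        # malformed record
]


def demo():
    """Build the merged blacklist and run it over the sample flows."""
    return match_connections(Blacklist([FEED_A, FEED_B]), SAMPLE_FLOWS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Replacing the inline feed strings with the text of freshly downloaded feeds gives the daily refresh the abstract describes; the matcher itself needs no change. Keeping exact hosts and ranges in separate structures matters once feeds reach hundreds of thousands of entries, since the set lookup stays constant-time and only the (usually short) range list is scanned linearly.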