IP SafeGuard–An AI-Driven Malicious IP Detection Framework
The rising frequency and sophistication of cyberattacks have made real-time malicious IP detection a critical challenge for modern Security Operations Centers (SOCs). Traditional solutions, such as static blacklists and manual IP reputation checks, are no longer sufficient in today’s dynamic threat landscape. To overcome these constraints, we present IP SafeGuard, an AI-driven platform that incorporates multi-source threat intelligence, sophisticated feature engineering, and machine learning (ML) for real-time IP categorization. The framework collects data from AbuseIPDB, VirusTotal, and other sources to compute a Dynamic Threat Score (DTS) for each IP address. It leverages an XGBoost-based classification model to achieve high accuracy and low false-positive rates, even on imbalanced datasets. Experimental findings indicate the improved performance of IP SafeGuard, with an accuracy of 98.2%, a precision of 97.8%, and a recall of 98.5%. The average detection time of 45 milliseconds makes it suitable for real-time SOC integration, enabling automated incident response through Security Information and Event Management (SIEM) alerting and firewall blocking. The framework’s modular design ensures scalability and adaptability, making it a valuable tool for high-volume environments. By overcoming the limits of older approaches and using the power of ML, IP SafeGuard considerably improves the efficiency and efficacy of current cybersecurity systems. Future work involves extending the system to new threat intelligence sources and studying federated learning for secure and privacy-preserving threat information exchange.
Saved in:
| Main Authors: | Abdullah Al Siam, Moutaz Alazab, Albara Awajan, Md Rakibul Hasan, Areej Obeidat, Nuruzzaman Faruqui |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | Cyber security; cyber attack; IP address; artificial intelligence; threat intelligence; SOC |
| Online Access: | https://ieeexplore.ieee.org/document/11002475/ |
| _version_ | 1849687529708584960 |
|---|---|
| author | Abdullah Al Siam; Moutaz Alazab; Albara Awajan; Md Rakibul Hasan; Areej Obeidat; Nuruzzaman Faruqui |
| author_sort | Abdullah Al Siam |
| collection | DOAJ |
| description | The rising frequency and sophistication of cyberattacks have made real-time malicious IP detection a critical challenge for modern Security Operations Centers (SOCs). Traditional solutions, such as static blacklists and manual IP reputation checks, are no longer sufficient in today’s dynamic threat landscape. To overcome these constraints, we present IP SafeGuard, an AI-driven platform that incorporates multi-source threat intelligence, sophisticated feature engineering, and machine learning (ML) for real-time IP categorization. The framework collects data from AbuseIPDB, VirusTotal, and other sources to compute a Dynamic Threat Score (DTS) for each IP address. It leverages an XGBoost-based classification model to achieve high accuracy and low false-positive rates, even on imbalanced datasets. Experimental findings indicate the improved performance of IP SafeGuard, with an accuracy of 98.2%, a precision of 97.8%, and a recall of 98.5%. The average detection time of 45 milliseconds makes it suitable for real-time SOC integration, enabling automated incident response through Security Information and Event Management (SIEM) alerting and firewall blocking. The framework’s modular design ensures scalability and adaptability, making it a valuable tool for high-volume environments. By overcoming the limits of older approaches and using the power of ML, IP SafeGuard considerably improves the efficiency and efficacy of current cybersecurity systems. Future work involves extending the system to new threat intelligence sources and studying federated learning for secure and privacy-preserving threat information exchange. |
| format | Article |
| id | doaj-art-8e48c2e4f28242568ff8fbc86a7fb776 |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | Record id: doaj-art-8e48c2e4f28242568ff8fbc86a7fb776; indexed 2025-08-20T03:22:18Z; language: eng; publisher: IEEE; series: IEEE Access; ISSN: 2169-3536; published 2025-01-01, vol. 13, pp. 90249-90261; DOI: 10.1109/ACCESS.2025.3569289; IEEE Xplore document 11002475. Title: IP SafeGuard–An AI-Driven Malicious IP Detection Framework. Authors: Abdullah Al Siam (https://orcid.org/0009-0006-6861-6188); Moutaz Alazab (https://orcid.org/0000-0003-2823-4776); Albara Awajan (https://orcid.org/0000-0002-8665-1191); Md Rakibul Hasan; Areej Obeidat; Nuruzzaman Faruqui (https://orcid.org/0000-0001-9306-9637). Affiliations, listed in author order: Department of Software Engineering, Daffodil International University, Daffodil Smart City, Dhaka, Bangladesh; Cybersecurity Department, School of Computing and Data Sciences, Oryx Universal College, Liverpool John Moores University, Doha, Qatar; Department of Intelligent Systems, Faculty of Artificial Intelligence, Al-Balqa Applied University, As-Salt, Jordan; Department of Computer Science and Engineering, Bangladesh University of Professionals (BUP), Dhaka, Bangladesh; Independent Researcher, As-Salt, Jordan; Department of Software Engineering, Daffodil International University, Daffodil Smart City, Dhaka, Bangladesh. Abstract: The rising frequency and sophistication of cyberattacks have made real-time malicious IP detection a critical challenge for modern Security Operations Centers (SOCs). Traditional solutions, such as static blacklists and manual IP reputation checks, are no longer sufficient in today’s dynamic threat landscape. To overcome these constraints, we present IP SafeGuard, an AI-driven platform that incorporates multi-source threat intelligence, sophisticated feature engineering, and machine learning (ML) for real-time IP categorization. The framework collects data from AbuseIPDB, VirusTotal, and other sources to compute a Dynamic Threat Score (DTS) for each IP address. It leverages an XGBoost-based classification model to achieve high accuracy and low false-positive rates, even on imbalanced datasets. Experimental findings indicate the improved performance of IP SafeGuard, with an accuracy of 98.2%, a precision of 97.8%, and a recall of 98.5%. The average detection time of 45 milliseconds makes it suitable for real-time SOC integration, enabling automated incident response through Security Information and Event Management (SIEM) alerting and firewall blocking. The framework’s modular design ensures scalability and adaptability, making it a valuable tool for high-volume environments. By overcoming the limits of older approaches and using the power of ML, IP SafeGuard considerably improves the efficiency and efficacy of current cybersecurity systems. Future work involves extending the system to new threat intelligence sources and studying federated learning for secure and privacy-preserving threat information exchange. URL: https://ieeexplore.ieee.org/document/11002475/. Keywords: Cyber security; cyber attack; IP address; artificial intelligence; threat intelligence; SOC |
| title | IP SafeGuard–An AI-Driven Malicious IP Detection Framework |
| topic | Cyber security; cyber attack; IP address; artificial intelligence; threat intelligence; SOC |
| url | https://ieeexplore.ieee.org/document/11002475/ |