IP SafeGuard–An AI-Driven Malicious IP Detection Framework

Bibliographic Details
Main Author: Abdullah Al Siam (22502732) (author)
Other Authors: Moutaz Alazab (17730060) (author), Albara Awajan (20083410) (author), Md Rakibul Hasan (15236749) (author), Areej Obeidat (22502735) (author), Nuruzzaman Faruqui (19748945) (author)
Published: 2025
Date: 2025-05-29
DOI: 10.1109/access.2025.3569289
Also available at: https://figshare.com/articles/journal_contribution/IP_SafeGuard_An_AI-Driven_Malicious_IP_Detection_Framework/30454916
Rights: CC BY 4.0 (open access)
Type: Text; journal contribution (published version)
Subjects: Information and computing sciences; Artificial intelligence; Cybersecurity and privacy; Data management and data science; Machine learning; Cyber security; cyber attack; IP address; artificial intelligence; threat intelligence; SOC; cyber defense; Threat assessment; Accuracy; Feature extraction; Computer security; Silicon; Scalability; Computer viruses; Blocklists; Real-time systems
Description

The rising frequency and sophistication of cyberattacks have made real-time malicious IP detection a critical challenge for modern Security Operations Centers (SOCs). Traditional solutions, such as static blacklists and manual IP reputation checks, are no longer sufficient in today's dynamic threat scenario. To overcome these constraints, we present IP SafeGuard, an AI-driven platform that incorporates multi-source threat intelligence, sophisticated feature engineering, and machine learning (ML) for real-time IP categorization. The framework collects data from AbuseIPDB, VirusTotal, and other sources to compute a Dynamic Threat Score (DTS) for each IP address. It leverages an XGBoost-based classification model to achieve high accuracy and low false-positive rates, even in skewed datasets. Experimental findings indicate the improved performance of IP SafeGuard, with an accuracy of 98.2%, a precision of 97.8%, and a recall of 98.5%. The average detection duration of 45 milliseconds makes it appropriate for real-time SOC integration, enabling automated incident response through Security Information and Event Management (SIEM) alerting and firewall blocking. The framework's modular design assures scalability and adaptability, making it a vital tool for high-volume situations. By overcoming the limits of old approaches and using the power of ML, IP SafeGuard considerably boosts the efficiency and efficacy of current cybersecurity systems. Future work involves expanding the system to enable new threat intelligence sources and studying federated learning for secure and privacy-preserving threat information exchange.

Other Information

Published in: IEEE Access
License: https://creativecommons.org/licenses/by/4.0/
See article on publisher's website: https://dx.doi.org/10.1109/access.2025.3569289