Abstract: Complex malicious activities on the Internet are performed jointly by clusters of IP addresses. Finding malicious IP clusters by processing data collected in the network has become an important research direction. This paper proposes an IP blacklist association clustering algorithm (IPBACA). The algorithm first constructs an IP-IP undirected graph, then uses a statistical correlation measure to quantify the correlation between the IP blacklist and IPs. It uses the given IP blacklist to find the best threshold for identifying malicious clusters, checks whether the standardized residuals meet the required standard, and finally identifies malicious clusters with high precision. Simulation results show that, compared with the ICAMO, CAIIB and DABR algorithms, the proposed IPBACA algorithm significantly improves the four main performance indicators (precision, recall, F1 and normalized mutual information) and significantly improves the ability to detect malicious clusters.
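
The following is an added illustration, not the paper's IPBACA code: it shows one way a standardized-residual check can tie a cluster in an IP-IP undirected graph to a blacklist. Assumptions not taken from the abstract: clusters are taken as connected components, the residual is the adjusted Pearson residual of the 2x2 cluster-by-blacklist table, the 1.96 cutoff is a conventional choice, and all addresses are constructed sample data. It leaves out the paper's threshold search.

```python
import math
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the paper.
EDGES = [("192.0.2.1", "192.0.2.2"), ("192.0.2.2", "192.0.2.3"),
         ("192.0.2.3", "192.0.2.4"), ("198.51.100.1", "198.51.100.2"),
         ("198.51.100.2", "198.51.100.3"), ("198.51.100.3", "198.51.100.4"),
         ("203.0.113.1", "203.0.113.2")]
BLACKLIST = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4",
             "198.51.100.1"}

def clusters(edges):
    """Connected components of the undirected IP-IP graph (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for ip in list(parent):
        groups[find(ip)].add(ip)
    return list(groups.values())

def adjusted_residual(cluster, blacklist, n_total, n_black):
    """Adjusted standardized residual of the (in-cluster, blacklisted) cell."""
    size = len(cluster)
    observed = len(cluster & blacklist)
    expected = size * n_black / n_total  # count expected under independence
    var = expected * (1 - size / n_total) * (1 - n_black / n_total)
    return (observed - expected) / math.sqrt(var) if var > 0 else 0.0

def malicious_clusters(edges, blacklist, cutoff=1.96):
    """Clusters holding significantly more blacklisted IPs than chance predicts.
    The 1.96 cutoff is an assumed convention, not a value from the paper."""
    cs = clusters(edges)
    seen = set().union(*cs)
    n_total, n_black = len(seen), len(blacklist & seen)
    return [c for c in cs
            if adjusted_residual(c, blacklist, n_total, n_black) > cutoff]

if __name__ == "__main__":
    for c in malicious_clusters(EDGES, BLACKLIST):
        print(sorted(c))
```

On this sample only the fully blacklisted 192.0.2.x cluster is flagged; the cluster with a single blacklisted member has a negative residual and is not.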