<![CDATA[The growing dependence on internet connectivity has heightened cybersecurity threats through malicious domains that facilitate malware, phishing, and botnet operations. These threats significantly impact individuals and organizations, particularly in Internet Service Provider (ISP) settings. Domain filtering on firewalls is a common defensive strategy, yet its effectiveness remains underestimated in large-scale ISP settings. Previous studies have not focused specifically on security systems commonly employed by ISPs, impeding practical adoption. The research contributions are: (1) developing a cost-effective malicious domain filtering approach specifically designed for ISP environments requiring minimal infrastructure investment, and (2) providing quantitative evidence of how blacklist-based filtering impacts both security effectiveness and network performance. The methodology employs alternating firewall states over four time periods to collect metrics including connection flow, bandwidth utilization, and packet rate. Results demonstrate that malicious domain filtering improves security while causing a 2.49% increase in total connection flow due to retry mechanisms. This process yields a 24.5% reduction in total bytes transferred, 10.5% decrease in packets sent, 22.58% reduction in bandwidth, and 8.81% decrease in packet rate. The study identified 1,919 malicious IP addresses blocked from 1,090 user attempts to access harmful domains. These findings confirm blacklist-based domain filtering strengthens security and enhances bandwidth efficiency by mitigating unwanted traffic. This approach is particularly relevant for ISPs, providing a cost-effective solution that balances cybersecurity with optimized network performance, allowing organizations to protect users while maintaining operational effectiveness.]]>
Copyrights © 2025
