This study implements the detection, blocking and alerting mechanisms of the "Campus Information Security Proactive Defense System" (CISPDS). It continues the project of building an intelligent campus security joint-defense system based on threat intelligence and campus network traffic, continuing to integrate external threat intelligence, firewall logs, intrusion detection system logs, DNS logs and NetFlow for analysis, and developing mechanisms that detect, block and alert on anomalous traffic, attacks and malicious activity. The system can detect and block large-scale and wide-range scanning or attacks and DDoS attacks, detect and block connections to malicious domains, and block anomalous traffic; it automatically raises alerts and forwards the relevant information to the affected units and operations staff for handling. Detection results are then converted into internal intelligence and consolidated so that the intelligence becomes more precise; applying it to the security devices effectively reduces their load.
This study extends the functions of the "Campus Information Security Proactive Defense System" (CISPDS) by adding malicious-domain detection and blocking, malicious-traffic analysis, and an alerting mechanism. It continues the project "Building a Campus Information Security Proactive Defense System Based on Threat Intelligence and Network Traffic," continuing to integrate external threat intelligence, firewall logs, intrusion detection system logs, DNS logs and NetFlow for analysis, and developing mechanisms that detect, block and alert on anomalous traffic, attacks and malicious activity. The system can detect and block large-scale and wide-range scanning or attacks and DDoS attacks, detect and block connections to malicious domains, block anomalous traffic, and automatically alert and notify the affected users and administrators. Detection results are then turned into internal intelligence and consolidated, which makes the intelligence more precise; applying it to the security equipment effectively reduces the load on that equipment.
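The detect, block, alert and consolidate loop described in the abstract, as an added illustration that is not CISPDS code and does not reproduce the paper's implementation. It runs offline over constructed NetFlow-style and DNS records (RFC 5737 documentation addresses and the reserved .example TLD); the record layout, the scan thresholds, the indicator list and the function names are all assumptions made for this example. The consolidation step uses the standard library's `ipaddress.collapse_addresses`, which merges adjacent addresses into exact CIDR blocks without widening coverage.

```python
"""Added illustration for the abstract above. This is NOT CISPDS code: it is a
toy version of the detect -> block -> alert -> consolidate loop, run offline
over constructed NetFlow and DNS records. Field layout, thresholds and the
indicator list are assumptions made for the example."""
from collections import defaultdict
from ipaddress import collapse_addresses, ip_address


def build_flows():
    """Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, packets).
    RFC 5737 documentation ranges stand in for campus and external hosts."""
    flows = []
    # 10.1.1.5 touches 40 campus hosts on one port: horizontal scan.
    flows += [("10.1.1.5", f"192.0.2.{i}", 22, 1) for i in range(1, 41)]
    # 203.0.113.8 touches 35 campus hosts on port 445: horizontal scan.
    flows += [("203.0.113.8", f"192.0.2.{i}", 445, 1) for i in range(101, 136)]
    # 203.0.113.9 probes 60 ports on a single server: vertical scan.
    flows += [("203.0.113.9", "198.51.100.10", p, 1) for p in range(1, 61)]
    # 10.1.1.7 is ordinary HTTPS traffic and must not be flagged.
    flows += [("10.1.1.7", "198.51.100.20", 443, 300),
              ("10.1.1.7", "198.51.100.21", 443, 120)]
    return flows


# Constructed DNS query log: (client_ip, queried_name).
DNS_LOGS = [
    ("10.1.1.8", "update.c2.example."),
    ("10.1.1.8", "www.example.edu"),
    ("10.1.1.9", "cdn.bad.example"),
    ("10.1.1.7", "mail.example.edu"),
]

# Constructed external threat-intelligence indicators (.example is reserved).
BAD_DOMAINS = {"c2.example", "bad.example"}


def scan_sources(flows, host_threshold=25, port_threshold=50):
    """Classify sources as horizontal scans (many distinct destination hosts)
    or vertical scans (many distinct ports on one host). The thresholds are
    example values; a real deployment would tune them per network segment."""
    hosts = defaultdict(set)                       # src -> {dst hosts}
    ports = defaultdict(lambda: defaultdict(set))  # src -> dst -> {dst ports}
    for src, dst, dport, _packets in flows:
        hosts[src].add(dst)
        ports[src][dst].add(dport)
    findings = {}
    for src, dsts in hosts.items():
        if len(dsts) >= host_threshold:
            findings[src] = "horizontal-scan"
        elif any(len(p) >= port_threshold for p in ports[src].values()):
            findings[src] = "vertical-scan"
    return findings


def malicious_dns_clients(dns_logs, bad_domains):
    """Map client -> matched indicators. A query matches when the name or any
    parent domain is listed, so 'update.c2.example' hits 'c2.example'."""
    hits = defaultdict(set)
    for client, qname in dns_logs:
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in bad_domains:
                hits[client].add(candidate)
                break
    return dict(hits)


def consolidate(ips):
    """Deduplicate and collapse addresses into the smallest exact set of CIDR
    blocks. Adjacent scanners become one firewall entry: the 'consolidate the
    intelligence' step that lowers the rule count on the blocking device."""
    nets = collapse_addresses(ip_address(ip) for ip in set(ips))
    return [str(n) for n in sorted(nets)]


def analyze(flows, dns_logs, bad_domains):
    """One pass of the loop: detect, derive block entries, raise alerts."""
    scans = scan_sources(flows)
    dns_hits = malicious_dns_clients(dns_logs, bad_domains)
    alerts = [f"{src}: {kind}, blocked at firewall"
              for src, kind in sorted(scans.items())]
    alerts += [f"{client}: resolved {', '.join(sorted(names))}, notify owning unit"
               for client, names in sorted(dns_hits.items())]
    return {
        "scans": scans,
        "dns_hits": dns_hits,
        "blocklist": consolidate(scans.keys()),       # internal intel: CIDR entries
        "sinkhole_domains": sorted(set().union(*dns_hits.values())),
        "alerts": alerts,
    }


if __name__ == "__main__":
    for line in analyze(build_flows(), DNS_LOGS, BAD_DOMAINS)["alerts"]:
        print(line)
```

On the sample data the three scanning sources collapse into two firewall entries (10.1.1.5/32 and 203.0.113.8/31), which is the effect the abstract attributes to consolidating detection results before feeding them back to the security equipment.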