Systems and methods are provided to implement a moving target defense for a server computer. The server computer can be provided both a permanent IP address and a temporary IP address. The temporary IP address can be used when communicating with client computers connected to the server computer. The temporary IP address can be dynamically changed at a predetermined interval that can be varied based on conditions at the server computer. An intrusion detection system can be used with the moving target defense systems and methods to identify attacks on the server computer based on the temporary IP address(es) provided by the server computer. When an attack is identified, the corresponding client computer is determined based on the temporary IP address and the client computer is placed on a blacklist that is not provided with new temporary IP addresses when the server computer changes temporary IP address.