You can try using VPC ACL, so what happens, ELB inside the VPC can use the Security Group but they should only specify the traffics that you allow in and out for the ELB. Now to block the traffic coming from a specific IP, ACL would be better. For this, to work a pair of public & internal Load balancers need to be used with the internal load balancer protected by the subnet ACL "deny" rules.
Do checkout AWS Training to learn more about AWS.
Do check out the video tutorial on Elastic Load Balancers.