A Network-Based Intrusion Detection And Prevention System With Multi-Mode Counteractions

Recently, as result of dramatic connectivity between devices from a computer to mobile systems, security of information and availability of the services become more and more challenging. Along with raising the number of novel attacks, many types of countermeasures have taken place to stop them. One of the most efficient methods to stop network attacks is using IDS/IPS Systems. The ultimate goal of an IDPS system is to stop security attacks before they have been carried successfully.This paper proposed an efficient network-based IDPS System which takes multiple counteractions against network attacks. The proposed system's first reaction after detecting malicious packets is to generate an alert and log them; if the number of packets goes beyond threshold limit in one second, the second counteraction takes place to block the attackers IP address through firewall. Finally, if the system fails to block these packets, the third counteraction takes place to remotely stop the corresponding service. In this case the system prevents an attack from being successfully carried.