With the network development, increasing new applications bring more conveniences to peoples network life, but also cause more security risks. When users access the Internet, worms, Trojan horses, and other viruses may be introduced accidentally from the Internet and cause confidential data leak and huge losses to enterprises. To protect the internal network security, enterprises need to identify and monitor traffic contents by controlling traffic sources and destinations.

Traditional firewalls only reject suspicious network traffic but allow the other traffic to pass through, so the firewalls can do nothing about many types of intrusions and attacks. Most intrusion detection systems (IDSs) are passive and cannot actively prevent attacks ， that is, before the attack actually occurs, they are often unable to issue an alert. The intrusion prevention system IPS is inclined to provide active protection. The purpose of the design is to intercept the intrusion activity and attack network traffic in advance, avoid the loss, they generate alarms upon malicious traffic transmission or after malicious traffic transmission is complete.

An intrusion prevention system (IPS) is a security mechanism. IPS detects intrusion behavior (such as buffer overflow attacks, Trojan horses, and worms) by analyzing network traffic, and terminates the intrusion behavior in real time through certain response methods. This protects enterprise information systems and network architectures against intrusions. IPS can prevent attacks or intrusions at the application layer such as buffer overflow attacks, Trojan horses, and worms.