Zubair Md. Fadlullah, Tarik Taleb, and Nei Kato
Publication year: 2015 (to appear)

The ever-growing use of network-based and host-based applications over today’s Internet demands adequate safeguards against potential threats such as probes, IP spoofing, spam, Denial of Service (DoS) attacks, and the spread of worms. In combating these unauthorized accesses and malicious attacks, network-based and host-based Intrusion Detection Systems (IDSs) play a crucial role. IDSs are usually passive monitoring entities that attempt to identify illicit and anomalous access to resources. However, their more authoritative counterparts, namely Intrusion Prevention Systems (IPSs), have not enjoyed as much attention in the literature. IPSs, which actively block potentially malicious network traffic and host accesses, are gradually becoming popular. When an intrusion is detected, there may be a significant latency between the detection and the availability of a permanent solution that specifically fixes the vulnerability that led to the intrusion in the first place. In this chapter, we describe a variety of intrusion prevention mechanisms to deter these threats during such intervals. Along the way, we delineate the deployment architectures of IPSs. For instance, we elucidate the differences between network-based and host-based intrusion prevention architectures so that a reader can readily compare them and choose an approach that suits his or her requirements. We also present an overview of recent research that has focused on combining different functionalities such as attack detection, deflection, filtering, alert generation, and traceback operations at the monitoring entity level. To this end, we include a number of case studies that present state-of-the-art intrusion prevention approaches as extensions to IDSs along different directions. We address technical, legal, and privacy issues that may arise from adopting such techniques. Finally, we identify future trends in research within this domain.