FIPS: FIRST Intrusion Prevention System

Intrusion Prevention Systems try to actively disarm attacks on computer systems and networks. In this work, we introduce the network based FIRST Intrusion Prevention System (FIPS) which is capable of detecting novel attacks and contain them effectively. This inline device operates by redirecting anomalous packets to a specially hardened shadow system or logging them to a so-called forensic sink for further examination. Both the offline and real life evaluation of the implementation shows that the system yields very high accuracy rates and is faster than comparable standard solutions. Efficient retraining procedures are introduced to readjust the anomaly detectors after some time of deployment to further boost the accuracy for real life tasks.