Copyright © 2018 Authors. This is an open access article distributed under the Creative Commons Attribution License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. International Journal of Engineering & Technology, 7 (4.15) (2018) 55-58 International Journal of Engineering & Technology Website: www.sciencepubco.com/index.php/IJET Research paper Comparative Study of Traditional and Next Generation IPS Mohammed Nadir Ali 1 , Madihah Mohd Saudi 2,3 *, Touhid Bhuiyan 1 , Azreena Abu Bakar 2 1 Daffodil International University, Dhaka, Bangladesh 2 Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia 3 CyberSecurity and Systems Research Unit, Islamic Science Institute (ISI), Universiti Sains Islam Malaysia (USIM), Malaysia *Corresponding author E-mail: madihah@usim.edu.my Abstract Currently, cyber threats and attacks become a main concern among Internet users. To detect and prevent new and unknown attacks, an intelligent intrusion prevention system (IPS) which is better compared with traditional systems is needed. Furthermore, the Next Genera- tion Intrusion Prevention System (NIGPS) is more suitable that could provide an intelligent IPS solution for new and unknown attacks. Therefore, this paper presents the limitation of traditional IPS systems, a comparison between IPS and NIGPS and proposes an enhanced model for NIGPS. Keywords: Detection; Intrusion Prevention System (IPS); Model; Next Generation Network Intrusion Prevention System (NGIPS). 1. Introduction With Next Generation Intrusion Prevention System (NGPIS) is designed to provide wide protection of vulnerabilities, especially at the application layer. It controls the behavior of applications. It also allows access and provides real-time protection. A traditional IPS was designed to identify the known attacks. Traditional IPSs are black boxes that offer little visibility into the protection being offered, but NGIPS will go way beyond the signature-based pro- tection. However, a next-generation IPS includes network security beyond detection and prevention. It has the capability of visibility, custom rules, vulnerability-based protection and is able to analyze the network attack behavior. The existing technologies are vulnerable to smart cyber-attacks and very limited to guarantee growth and safety of networks. NGIPS offers comprehensive threat security that blocks intrusions and safeguards valuable assets [1]. NGIPS makes use of an inno- vative multi-layer approach. It helps to figure out known, 0-day, and advanced persistent threats. It also defends network from worms, spyware, malware, Trojan horse, brute force attacks, pro- tocol attacks, and web threats. Many organizations presently allow their employees to use smart devices, such as smartphones, and popular community applications and social networks for work to increase employee productivity. The growing rate of security incidents suggests that the threat landscape in information security is taking new shape and tradi- tional technologies cannot protect them against the new generation threats. New generation threats are generally 0-day vulnerability- based attacks that concentrate on unique victims. Conventional security technologies are slow to create signatures, hence giving attacks sufficient time to cause excessive harm. Furthermore, at- tackers might also customize the attack for the target’s surround- ing which may cause the attack to remain undetected for a long time. The increasing number of attacks proves that obsolete tech- nologies cannot help organizations to protect themselves from new generation attacks. Organizations now need an updated IPS with provisions for improved inbuilt systems to fight away the new challenges and threats in the foreseeable future automatically. The new Generation Intrusion Prevention System (NGIPS) is designed to cope with such unpredictable challenges and cyber threats of the new millennium. Internet Internet Router Intrusion Prevention System Firewall Users System All packet pass through the IPS Fig. 1: Basic IPS Figure 1 shows the basic IPS model. The first commercially avail- able network intrusion detection system was released in the mid 1990’s. The current industry perceptions of “next generation” intrusion prevention systems are essentially traditional IPS capa- bilities with the addition of application and identity awareness [1]. In the Internet world, network security is playing a vital role. A number of tools and devices have already been developed to com- bat malware attacks or any sort of malicious network activity in order to ensure the computer and network security. The security frameworks have been constantly changing since the beginning of the journey of the IT. With such continuous systemic changes hackers have been changing their hacking tactics with increasing capabilities. Hence, the new Generation Prevention Systems must keep on guard to cope with unforeseen problems