and implemented as a preprocessor module for the open source Snort intrusion detection and prevention system (IDS/IPS).

© 2011 Alcatel-Lucent

occasionally become, themselves, the cause of operating system damage and denial of service [6,14]. At the same time, the effectiveness of centrally-placed intrusion detection and prevention systems (IDS/IPS), which attempt to discover infected systems and attacks by monitoring the aggregate traffic of many end systems, continues to diminish with the growth in traffic volume, and with the increasing sophistication of malware and the botnets within which they operate [2,13]. Signature-based solutions will always lag behind the deployment of new malware variants, and attempts at achieving zero-day detection and prevention of malware have had disappointing results. Although one can reduce the frequency of attack with firewalls, IDS/IPS, and host-based protections,