The use of the internet in the business world is making businesses more effective in improving services and cost effeciency. The internet enables computers to connect to each other with external networks. However, it has the risk of intrusion such as unknown IP addresses entering the network, causing slow connections between networks, even making web pages and applications unaccesible. Network security in this case is very important to detect and block intrusions; A solution to network security is needed such as the Unified Threat Management (UTM). One of the functions of UTM is Intrusion Prevention System (IPS), which has the function of analyzing intrusion using methods from database rules and signatures. IPS compares incoming data packets with patterns in database rules and signatures, if it has the same pattern then the package is considered as intrusion and is blocked, if the package does not have the same pattern as the pattern in the database rule and signatures, the data package is not considered as an intrusion. The use of IPS can provide information on intrusion and how to block them, making it easier to improve network security and accuracy in detecting systems infected with DDoS malware in 1000 tests performed, getting accuracy of about 98% with 12 false positives that occur during the experiment.