  • Conference paper
  • OpenAccess

An Extensible and Modular Kernel-Level Intrusion Detection and Prevention System

Abstract


With the widespread use of computer applications and the rapid growth of Internet technology, more and more users transmit or store important data over the network. As the number of users grows, hacker attacks and theft of personal data are reported frequently, and attack techniques are continually updated; the intrusion detection system (IDS) is the most commonly used means of protecting system security. This paper builds on the Virtual Machine Monitor based Extensible Intrusion Prevention System (VMM-EIPS): we extend its modular architecture so that the system supports both misuse detection and anomaly detection. We also design and implement new functional components that detect IDS evasion attacks and TCP SYN flood attacks from non-spoofed IP addresses, and we rename the resulting system EIPS^+. In addition, we add a response mechanism that acts on the result of packet inspection, making the prevention and response functions of EIPS^+ more complete. EIPS^+ is implemented as a Linux kernel module attached to the PREROUTING hook of Netfilter, the packet-filtering subsystem of the Linux kernel, so it can inspect every packet entering the system and respond according to the inspection result. Experimental results show that the new IDS evasion component effectively detects the corresponding IDS evasion attacks, and that the new TCP SYN flood component effectively detects denial-of-service (DoS) attacks from non-spoofed IP addresses. In the performance evaluation, compared with the well-known open-source IDS Snort, EIPS^+ reduces system performance by only 0.9%~3.9%, whereas Snort reduces it by 6.8%~20.6%. This confirms that EIPS^+, running at kernel level, has a smaller impact on system performance because it does not need to switch between protection domains and avoids extra packet copies.

Parallel Abstract (English)


With the popularity of computer applications and the rapid development of Internet technology, more and more users transmit or store important information over the Internet. As the number of users grows, hacker attacks follow, and hacking techniques are diverse and constantly updated. The Intrusion Detection System (IDS) is the most commonly used means of protecting system security. This paper builds on the Virtual Machine Monitor Based Extensible Intrusion Prevention System (VMM-EIPS): we have expanded its modularized architecture to support both misuse detection and anomaly detection. We have also designed and implemented new functional components for detecting IDS evasion attacks and TCP SYN flood attacks with non-forged IPs; the resulting system is renamed EIPS^+. In addition, we have added reaction mechanisms to EIPS^+ to make its intrusion prevention and attack response more complete. EIPS^+ is implemented as a Linux kernel module registered at the PREROUTING hook of Netfilter, the Linux kernel's packet-filtering subsystem, so it can examine every network packet arriving at the system. The experimental results show that the newly developed detection components effectively detect the associated IDS evasion attacks and determine whether the system is under a TCP SYN flood attack with non-forged IPs. Compared with the well-known open-source IDS Snort, system performance with EIPS^+ degrades by only 0.9%~3.9%, whereas with Snort it degrades by 6.8%~20.6%; EIPS^+ performs better because it does not need to switch protection domains and avoids extra packet copy operations.
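The abstract says EIPS^+ inspects every incoming packet at Netfilter's PREROUTING hook and flags SYN floods only when the source IP is not forged. The program below is an added illustration, not code from the paper or from EIPS^+ (whose source is not on this page): it shows, in user space, the per-source half-open SYN accounting that such a hook could run, with a Netfilter-style accept/drop verdict. The header parser, the table size, the thresholds (HALF_OPEN_LIMIT, WINDOW_SEC) and the constructed test packets are all assumptions; in a real kernel module the hook would receive an sk_buff and return NF_DROP or NF_ACCEPT instead.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Verdicts mirror Netfilter's NF_DROP (0) and NF_ACCEPT (1). */
enum verdict { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };

#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10

#define MAX_SOURCES     64   /* assumed table size */
#define HALF_OPEN_LIMIT  5   /* assumed threshold: pending SYNs allowed per source */
#define WINDOW_SEC      10   /* assumed: pending entries older than this are forgotten */

struct src_state {
    int      used;
    uint32_t saddr;                      /* raw bytes of the IP source address */
    uint32_t window_start;               /* seconds */
    uint16_t pending[HALF_OPEN_LIMIT];   /* source ports of SYNs not yet completed */
    int      npending;
};

static struct src_state table[MAX_SOURCES];

static struct src_state *lookup(uint32_t saddr, int create)
{
    struct src_state *free_slot = NULL;
    for (int i = 0; i < MAX_SOURCES; i++) {
        if (table[i].used && table[i].saddr == saddr) return &table[i];
        if (!table[i].used && !free_slot) free_slot = &table[i];
    }
    if (!create || !free_slot) return NULL;
    memset(free_slot, 0, sizeof *free_slot);
    free_slot->used = 1;
    free_slot->saddr = saddr;
    return free_slot;
}

void reset_state(void) { memset(table, 0, sizeof table); }

int pending_count(uint32_t saddr)
{
    struct src_state *s = lookup(saddr, 0);
    return s ? s->npending : 0;
}

struct tcp_info { uint32_t saddr; uint16_t sport, dport; uint8_t flags; };

/* Minimal IPv4+TCP header parse. Returns 0 for non-IPv4, non-TCP or truncated packets. */
int parse_ipv4_tcp(const uint8_t *pkt, size_t len, struct tcp_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return 0;
    memcpy(&out->saddr, pkt + 12, 4);
    const uint8_t *tcp = pkt + ihl;
    out->sport = (uint16_t)((tcp[0] << 8) | tcp[1]);
    out->dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    out->flags = tcp[13];
    return 1;
}

/* What a PREROUTING hook would run per incoming packet; `now` is a clock in seconds. */
int syn_flood_check(const uint8_t *pkt, size_t len, uint32_t now)
{
    struct tcp_info ti;
    if (!parse_ipv4_tcp(pkt, len, &ti)) return VERDICT_ACCEPT;   /* not TCP: not our concern */

    if ((ti.flags & (TCP_SYN | TCP_ACK)) == TCP_SYN) {            /* initial SYN */
        struct src_state *s = lookup(ti.saddr, 1);
        if (!s) return VERDICT_ACCEPT;            /* table full: fail open rather than break traffic */
        if (now - s->window_start >= WINDOW_SEC) { s->window_start = now; s->npending = 0; }
        if (s->npending >= HALF_OPEN_LIMIT) return VERDICT_DROP;  /* too many half-open from one source */
        s->pending[s->npending++] = ti.sport;
        return VERDICT_ACCEPT;
    }
    if (ti.flags & (TCP_ACK | TCP_RST)) {          /* handshake completed or aborted: forget the SYN */
        struct src_state *s = lookup(ti.saddr, 0);
        if (s) for (int i = 0; i < s->npending; i++)
            if (s->pending[i] == ti.sport) { s->pending[i] = s->pending[--s->npending]; break; }
    }
    return VERDICT_ACCEPT;
}

/* Builds a constructed 40-byte IPv4+TCP packet (no options, zero checksums) for testing. */
size_t build_packet(uint8_t *buf, uint32_t saddr_raw, uint16_t sport, uint8_t flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = 6;
    memcpy(buf + 12, &saddr_raw, 4);
    buf[16] = 10; buf[19] = 1;                     /* destination 10.0.0.1 */
    buf[20] = (uint8_t)(sport >> 8); buf[21] = (uint8_t)(sport & 0xff);
    buf[23] = 80;                                  /* destination port 80 */
    buf[32] = 0x50;                                /* TCP data offset 5 */
    buf[33] = flags;
    return 40;
}

int main(void)
{
    uint8_t pkt[40];
    reset_state();
    for (int i = 0; i < 8; i++) {                  /* constructed flood: 8 SYNs, no ACKs */
        size_t n = build_packet(pkt, 0x11111111u, (uint16_t)(40000 + i), TCP_SYN);
        printf("SYN %d -> %s\n", i + 1, syn_flood_check(pkt, n, 100) ? "ACCEPT" : "DROP");
    }
    return 0;
}
```

The per-source table is exactly why this only works for a non-spoofed flood: a SYN flood that randomizes the source address spreads over many entries, exhausts the table (here handled by failing open) and never exceeds a per-source limit, which is the case the paper leaves outside the scope of this component.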
