
Architecture Design of Multi-layer Intrusion Prevention System for Internet Applications

Advisor: 朱元三

Abstract (translated from the Chinese)


With the rise of handheld devices, the blind spots of network security have widened and the probability that an attack is launched from inside the network has risen accordingly. A firewall alone, which guards against external attacks, is no longer adequate, so intrusion detection and prevention mechanisms receive growing attention. Because of the diversity of network attacks and ever-heavier network traffic, an Intrusion Prevention System (IPS) must defend against more attack types and meet higher performance demands. A traditional IPS adopts only one of the following defense methods: (1) Signature-based Detection (SD), (2) Statistical Anomaly-based Detection (SAD), (3) Stateful Protocol Anomaly Detection (SPAD). Each of the three has its own strengths, but each defends against only a single class of attack and each has its own shortcomings. This thesis proposes a multi-layer intrusion prevention system architecture that combines SD, SAD and SPAD to widen the range of attacks defended against and to raise performance. On top of this architecture, four application-specific IPSs are implemented to verify, one by one, the effect of integrating several defense methods. First, for the VoIP IPS, a Profile Analysis (PA) module is proposed: it analyzes the SPAD results and updates the parameter settings of the SAD profile in real time, raising the accuracy of SAD analysis. The VoIP IPS also uses a hierarchical SAD/SPAD architecture, with SAD performing the first layer of attack analysis and SPAD the second, which raises both overall processing speed and analysis accuracy. When attack traffic makes up 20% of total traffic, the hierarchical system performs 8.89% better than SPAD alone; at 60% attack traffic the gain is close to 50%, and overall throughput reaches 2.66 Gbps. Second, an Email IPS is implemented that integrates SAD and SPAD: SPAD analyzes packet behavior for attacks while SAD analyzes packet content, which widens the coverage of attack types so that the system supports both email-attack defense and spam filtering, with detection accuracy of 95.4% for email attacks and 91.1% for spam. The Email IPS is further integrated with a virus detection engine to build a complete multi-level defense of packet-behavior attack detection and packet-content filtering, with overall throughput of 4.12 Gbps. Finally, a rule accelerator for Snort IDS is implemented as a hierarchical SD/SAD architecture: integrating SAD reduces the SD load and speeds up packet-content filtering, reaching 13.9 Gbps, enough to support today's main backbone-network speed (10 Gbps). By integrating the three defense methods, the proposed multi-layer IPS architecture widens attack coverage to cope with diverse attack types and provides complete attack defense; by its hierarchical design it spreads the performance load, effectively raising both computational performance and detection accuracy.

Parallel abstract (original English)


The popularity of mobile devices has made the management of information security more complex and created blind spots. A traditional firewall is no longer adequate against the wide variety of cyber attacks; an Intrusion Prevention System (IPS) is expected to support both detection of diverse attacks and high processing performance. There are three major intrusion detection methodologies: Signature-based Detection (SD), Statistical Anomaly-based Detection (SAD) and Stateful Protocol Anomaly Detection (SPAD). Each has its own advantages, but each detects only a single type of attack. In this thesis, a Multi-layer Intrusion Prevention Architecture (MIPA) is proposed that integrates the SD, SAD and SPAD methodologies (as modules) to prevent multiple types of attack. Four IPS systems are implemented on top of MIPA to make up for the shortcomings of the traditional SD, SAD and SPAD modules. First, a VoIP IPS with a hierarchical architecture of SAD and SPAD modules is proposed: SAD offloads SPAD to raise the processing performance of the VoIP IPS, and a Profile Analysis (PA) module lowers the SAD false-positive ratio by updating the SAD profile threshold from SPAD results. When attack traffic is 20% of all traffic, the VoIP IPS processes 8.89% faster than the system without the SAD module; at 60% attack traffic the gain is about 50%. VoIP IPS throughput reaches 2.66 Gbps. Second, an Email IPS integrating the SAD and SPAD modules is proposed to protect against both email attacks and spam; its detection accuracy is 95.4% for email attacks and 91.1% for spam. The Email IPS is then integrated with a virus detection engine to provide full protection against both behavior-based and content-based attacks, with throughput up to 4.12 Gbps. Finally, a Snort Rule Accelerator (SRA) integrating SAD and SD is proposed, in which SAD offloads SD and raises the processing speed of the SRA. The SRA throughput reaches 13.9 Gbps, enough to support intrusion prevention in a 10 Gbps core network. Overall, the proposed MIPA architecture is a foundation for a Unified Threat Management (UTM) solution: each module is deployed to give full multi-layer network protection. The proposed architecture remedies the deficiencies of each intrusion detection method and reinforces their advantages, balancing the strengths and weaknesses of each method within MIPA.
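The following Python sketch is an added illustration of the hierarchical arrangement both abstracts describe for the VoIP IPS (a cheap statistical SAD stage deciding which traffic reaches the expensive stateful SPAD stage, with a Profile Analysis step feeding SPAD verdicts back into the SAD threshold); the same cheap-stage-before-expensive-stage pattern is what the abstracts describe for SAD offloading SD in the Snort Rule Accelerator. It is not code from the thesis. The SIP-like trace, the per-source INVITE-rate rule, the two-message dialog state machine, the INVITE-flood limit and the PA threshold step are all assumptions made for the example.

```python
"""Two-layer IPS pipeline: SAD (statistical) gates SPAD (stateful), PA tunes SAD.
Illustrative only; the detection rules below are assumptions, not the thesis's."""
from collections import defaultdict, deque


def build_trace():
    """Constructed SIP-like event trace (made up for this example):
    tuples of (t_seconds, src_ip, call_id, method)."""
    trace = []
    for u in range(10):                      # ten ordinary users, three calls each
        src = f"10.0.0.{10 + u}"
        for i in range(3):
            t = 10.0 * i + u
            trace.append((t, src, f"u{u}-{i}", "INVITE"))
            trace.append((t + 1.0, src, f"u{u}-{i}", "ACK"))
    for i in range(6):                       # a busy PBX: a burst of INVITEs, all completed
        trace.append((30.0 + 0.1 * i, "10.0.0.9", f"p{i}", "INVITE"))
        trace.append((30.5 + 0.1 * i, "10.0.0.9", f"p{i}", "ACK"))
    for i in range(20):                      # an INVITE flood: dialogs opened, never ACKed
        trace.append((40.0 + 0.05 * i, "203.0.113.7", f"a{i}", "INVITE"))
    trace.sort()
    return trace


class SAD:
    """Layer 1: per-source INVITE rate over a sliding window (assumed rule).
    It keeps no dialog state; it only selects sources for the expensive layer."""

    def __init__(self, threshold, window=1.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)     # src -> INVITE timestamps inside window
        self.flagged = set()

    def suspicious(self, t, src, method):
        if method == "INVITE":
            q = self.recent[src]
            q.append(t)
            while t - q[0] > self.window:
                q.popleft()
            if len(q) > self.threshold:
                self.flagged.add(src)
        return src in self.flagged           # once flagged, all later traffic goes on


class SPAD:
    """Layer 2: per-Call-ID dialog state machine INIT -> INVITED -> CONFIRMED.
    Assumption: only INVITE and ACK are modelled (no 1xx/2xx, BYE, retransmits)."""

    def __init__(self, max_open=8):
        self.max_open = max_open             # un-ACKed dialogs a source may hold
        self.state = {}                      # call_id -> dialog state
        self.open = defaultdict(int)         # src -> dialogs awaiting ACK
        self.verdict = {}                    # src -> "attack" | "benign"
        self.inspected = 0

    def inspect(self, src, call_id, method):
        self.inspected += 1
        st = self.state.get(call_id, "INIT")
        if method == "INVITE" and st == "INIT":
            self.state[call_id] = "INVITED"
            self.open[src] += 1
            if self.open[src] > self.max_open:
                self.verdict[src] = "attack"     # INVITE flood: dialogs never complete
        elif method == "ACK" and st == "INVITED":
            self.state[call_id] = "CONFIRMED"
            self.open[src] -= 1
            if self.open[src] == 0 and src not in self.verdict:
                self.verdict[src] = "benign"     # every opened dialog was completed
        else:
            self.verdict[src] = "attack"         # out-of-state message (ACK w/o INVITE, re-INVITE)


class PA:
    """Profile Analysis: feed SPAD verdicts back into the SAD profile. Assumed rule:
    a flagged source that SPAD clears loosens the threshold, a confirmed attack tightens it."""

    def __init__(self, sad, lo=2, hi=50):
        self.sad, self.lo, self.hi = sad, lo, hi
        self.log = []                        # threshold value after each update

    def update(self, verdict):
        step = 1 if verdict == "benign" else -1
        self.sad.threshold = min(self.hi, max(self.lo, self.sad.threshold + step))
        self.log.append(self.sad.threshold)


def run_pipeline(trace, threshold=4):
    sad, spad, reported = SAD(threshold), SPAD(), {}
    pa = PA(sad)
    history = defaultdict(lambda: deque(maxlen=64))   # recent events per source
    for t, src, call_id, method in trace:
        was_flagged = src in sad.flagged
        if not sad.suspicious(t, src, method):
            history[src].append((call_id, method))
            continue                         # layer 1 lets it through; SPAD never sees it
        if not was_flagged:                  # newly flagged: SPAD needs the dialog history
            for cid, m in history[src]:
                spad.inspect(src, cid, m)
            history[src].clear()
        spad.inspect(src, call_id, method)
        v = spad.verdict.get(src)
        if v and reported.get(src) != v:     # report each source's verdict once to PA
            reported[src] = v
            pa.update(v)
    return {"events": len(trace), "spad_inspected": spad.inspected,
            "verdicts": dict(spad.verdict), "threshold_log": pa.log}


if __name__ == "__main__":
    print(run_pipeline(build_trace()))
```

Of the 92 events in the constructed trace only 32 reach the stateful stage, which is the offloading effect the abstracts quantify; the PBX burst is flagged by SAD, cleared by SPAD and loosens the threshold, while the flood is confirmed and tightens it again. Two caveats the sketch makes visible: a stateful stage placed behind a statistical gate has to be given the buffered history of a source when it is first flagged, or it sees ACKs for dialogs it never observed; and a source that stays under the SAD rate threshold never reaches SPAD at all, which is the accuracy side of the throughput/accuracy trade-off that the PA feedback is meant to manage.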
