An intrusion detection and prevention device includes a retaining unit retaining at least one of attack suspicion threshold values of which levels are different from each other in order to detect a denial-of-service attack, and an attack determination threshold value, a detecting unit detecting an attack suspicion state when a frame count in the attack detection target flow exceeds the attack suspicion threshold value, and detecting an attack determination state when the frame count exceeds the attack determination threshold value, a notifying unit notifying of the attack suspicion state together with the corresponding flow information when the attack suspicion state is detected, a judging unit judging, based on a reliability level of at least one of the frame source terminal and the flow, whether the flow is blocked or not when notified of the attack suspicion state, and a requesting unit making a screening request together with notification of the corresponding flow information when the attack determination state is detected.