The recent surge of new viruses and host attacks on the Internet, together with the tremendous propagation speed of self-distributing attacks, has made network security a pressing issue. To stay protected, an end system must be patched continuously, and additional security tools such as an Intrusion Prevention System (IPS) are needed. The main problems are user effort and network performance: recent years have shown that many users neither maintain their computers nor run an IPS, so their systems remain vulnerable. On the other hand, operating an IPS inevitably decreases network performance, as all packets are analyzed for malicious content before being forwarded. We recently proposed the operation of a flexible overlay network of intrusion prevention systems running on top of programmable routers to mitigate these issues. With this architecture, security services can be dynamically distributed in the network. In this paper, we leverage this flexibility for minimizing t...