Recently, network technology had brought a variety of attacks on the Internet, unfortunately, no one is safe in this trend. Network managers try to find the attackers and search for the suspicious behaviors in the network connections to defend their services. Intrusion Detection System (IDS) can help network managers to find out the network attacks, but for some special cases, IDS has its limitation. Proposed system integrated network-based IDS (NIDS) and host-based IDS (HIDS) to detect the suspicious behavior and assess the risk value of each IP. This research is dedicated to separating attacks and suspicious behaviors analysis by network-based IDS and host-based IDS. Furthermore, the proposed system will also find the relations among suspicious IP by using the modified PageRank algorithm and correlate the events to estimate the risk for each IP. The ranking of each IP represent the risk level and network managers can protect the hosts by the ranking. The experiment results show that the proposed system can achieve the goal of managing attack and tracking the suspicious ones. It can help users to take appropriate action in time.