Asian Journal of Information Technology

Year: 2004
Volume: 3
Issue: 6
Page No. 472 - 480

Combined Probabilistic Packet Marking and Sleepy Watermark for Tracing Attacks Back to Their Source

Authors: Tarek S. Sobh

Abstract: To take active security actions properly, a set of software subsystems should be integrated so that they can automatically detect and appropriately address any vulnerability in the underlying network. The aim of this work is to present an integrated model for active security response. The proposed model introduces an Active Response Mechanism (ARP) for tracing anonymous attacks in the network back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty of tracing packets with incorrect, or "spoofed", source addresses. Within the proposed model, this paper presents two tracing approaches: Sleepy Watermark Tracing (SWT) for unauthorized access attacks, and probabilistic packet marking in the network for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. On the basis of the proposed model, a set of cooperative network security tools, such as a firewall and an intrusion detection system with an IP tracing mechanism, has been designed for taking a rapid active response against the real IPs of attackers. The proposed model is able to: detect both local and external vulnerabilities; share the attack knowledge; trace the attack source IP; and reconfigure the attacked subnetworks.

How to cite this article:

Tarek S. Sobh, 2004. Combined Probabilistic Packet Marking and Sleepy Watermark for Tracing Attacks Back to Their Source. Asian Journal of Information Technology, 3: 472-480.
