The access multiplexer (DSLAM) according to the present invention incorporates a remote host-based intrusion detection system (RHIDS) to detect malicious activity on a large amount of access subscriber connected to the access multiplexer by remotely analyzing systems integrity and statistical behaviors of those access subscribers, and eventually also incorporates a network-based intrusion detection system (NIDS2) to detect malicious activity on all access subscribers (S21, S22 . . . S2N) connected to the access multiplexer by analyzing incoming and outgoing traffic for attack signature patterns.