This scenario is still vary vague, and as Smurf has asked what exactly are we dealing with in regards to OS, firewall, IPS (open source, enterprise).
But in theory this is how I would do it –
First, you will need to find out if your IPS can detect an intrusion and have a script or batch file run. The IPS would then call that script or batch file which would send a command to shut down that ftp daemon or service.
Many firewalls and IPS work together. You can configure your IPS to enable a policy on the firewall that has been pre-configured. The policy would remain dormant until the IPS would call upon it. This policy would simply be to stop traffic to the FTP port.