Abstract: Exploit automation and massive global scanning for vulnerabilities enable adversaries to compromise computer systems shortly after vulnerabilities become known. Traditional honeypots have shortcomings to deal with these problems because their signatures can be inspected. Aiming at current research state, the paper constructs an Active Network Security System (ANSS) from another point of view, i.e., ANSS situated in a real network circumstance. ANSS is the same as other systems in Internet, and it can capture actions of hacker from beginning to end. The simulation results indicate that ANSS can elevate networks security performance to a higher level and ANSS has important impact on forecast and monitor attack activities.