Abstract: The network security situation is becoming more severe day by day. Traditional security technologies such as firewalls and intrusion detection systems (IDS) have inherent defects: they cannot effectively identify unknown intrusion patterns. Honeypot technology, as a proactive defense method, also has its own limitations. Addressing the shortcomings of each of these individual technologies from the perspective of active defense, this paper builds an intrusion deception architecture based on a network active defense security model, and at the same time designs an interface system among the honeypot, the firewall and the IDS to overcome the firewall's inability to detect intrusions in real time. This reduces the false positives and missed detections of the IDS, compensates for the deficiencies of each method while exploiting its strengths, and thereby enhances the proactive defense capability of the network system. The paper also presents a finite state automaton model that simulates the basic functions of the intrusion deception system, providing a theoretical and formal basis for describing the system's behavior and designing its architecture.