
A Study on Defending Against DDoS Attacks with Active Networks

DDoS Attacks Defense Based on Active Networks

Abstract


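When a DDoS attack is spreading, quickly determining the health (physical condition) of each network node and activating the corresponding mechanism makes it possible to isolate and shrink the area affected by the attacker. This paper proposes an active-network DDoS defense system (Active DDoS Defense System, ADDS for short). It exploits the ability of an Active Network to distribute policy quickly: it probes every node in the network step by step and divides the whole network into three areas, the safe area, the uncertain area and the attacked area, and then uses active-network packets carrying an antidote vaccine for the specific attack to patch the security vulnerabilities of the nodes in the uncertain area. According to the simulation data, ADDS increases network survival time by 232% and, while an attack is under way, lowers CPU utilization (CPU utilization wasted by undetected attacks) by 33.55% on average; in return, 9.98% of legitimate packets are misclassified as attack packets (legal traffic dropped rate).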

Parallel Abstract


If the infection status of each network node can be determined when a DDoS attack starts to spread, the attacked area can be restricted and isolated. This paper proposes the Active DDoS Defense System (ADDS), which uses the main advantage of Active Networks, the fast distribution of policies, to examine every node step by step and divide the whole network into three areas: safe area, uncertain area and attacked area. It then repairs the vulnerability of each network node by delivering a virus pattern using active packets. Finally, the whole network topology can be divided into a safe area and an attacked area, and thus the DDoS attacks are restricted and isolated. Simulation results show that ADDS is able to increase network survival time by 224% and decrease the ratio of CPU time wasted by undetected attacks by 34.58%. However, ADDS also increases the legal traffic dropped rate to 8.12%.

Parallel Keywords

active networks; ADDS; ANTS; DDoS
