
System Design of Active Detection for Alternate Data Streams in the NTFS File

Advisor: 古政元

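Abstract

Driven by the Internet, information applications have spread without limit across the network and brought a great deal of convenience, but the privacy and confidentiality of information are being put to the test. When confidential or private information is stolen, the harm to a government is at the level of national security, and to a business it is a loss of commercial interests and reputation. Governments, businesses and individual users alike must take information security seriously. In recent years the malware infection rate has also grown rapidly year after year, so that governments, businesses and individuals facing private-data leakage incidents cannot ignore the losses they cause. NTFS supports alternate data streams (ADSs), a feature that allows data of any format to be hidden within the NTFS file system. Neither the commonly used “dir” command nor Explorer shows the hidden data, so the feature poses an information security threat. Attackers can use it to hide malware in a victim's operating system, where administrators and ordinary users cannot easily locate it. The security of confidential and private data can easily come under serious threat without anyone being aware of it. Besides being hard to detect and easy to create, ADSs can also be transmitted over the Internet in the form of compressed files, and may even lead to denial-of-service attacks. To address this security threat inherent in the NTFS file system, this study proposes a new procedural method, uses the Unified Modeling Language to design the system architecture, and develops a working active detection system. This application system can make up for the shortcomings of anti-virus software in detecting malicious ADSs and improve the security of users' systems.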

Keywords

No data

Parallel Abstract


With the development of the network, information on the Internet can reach anyone, anywhere, at any time, which brings greater convenience. At the same time, it puts information privacy and confidentiality at greater risk, because confidential or private information can be stolen easily. For governments, this is a concern at the level of national security. For businesses, it can cause losses of profit and reputation. Information security is now regarded as the most important issue for governments, businesses, and individual users alike. Unfortunately, malware increases rapidly every year. Because a large amount of malware spreads via the Internet, users face incidents of private data leakage. Using the alternate data streams (ADSs) feature of NTFS, files can be hidden in the operating system. In particular, attackers embed malware in victims' systems by using ADSs when they launch an attack. Windows “Explorer” and the “dir” command-line application cannot list ADSs, so it is hard for administrators and general users to find them. Confidential or private information is thus under serious threat without anyone knowing. Moreover, ADSs can be transmitted to others over the Internet in compressed files. ADSs therefore pose a threat to information security. To solve the problem of malicious programs hiding via ADSs, we propose a method with a new procedure, design the system architecture and process using the Unified Modeling Language, and develop an active detection system for ADSs. It can compensate for the shortcomings of anti-virus software in detecting malicious ADSs and enhance system security for small and medium-sized enterprises and general users.
