
Design and Implementation of an Automatic Prevention System for Campus Network Security Incidents

Design and Implementation of an Intelligent Defense System against Network Security Incidents


Abstract


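The rapid development of the Internet has brought people great convenience, but the network attacks, network intrusions, virus infections, and floods of spam mail that came with it have also caused considerable harm; the Code Red worm incident [1] is a typical case. We call such acts of damaging or abusing the network "Network Security Incidents." These incidents can paralyze networks and destroy information within a very short time, seriously endangering network security. Preventing network security incidents from spreading, eliminating unnecessary network congestion, and keeping network resources from being misused have therefore become an issue that the network center must take seriously. The practice of having the network center discover an incident and then notify the computer's user to handle it on their own is clearly too slow for network security incidents whose destructive power keeps growing. To ensure the normal operation of the network as a whole, we believe that once a serious incident is discovered, the network of the incident source should be cut off immediately; only then can the damage be effectively reduced. In this paper, we propose a standard procedure of anomaly detection, network blocking, and automatic notification for handling network security incidents. In a campus network environment, we integrate multiple methods of detecting network anomalies and use equipment such as the campus network's routers and servers to implement the "Campus Network Security Incident Automatic Prevention System," which effectively contained the spread of network security incident outbreaks (e.g., the Code Red and Nimda worms).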

Parallel Abstract


With the rapid growth of the Internet, technical research and information exchange have become more convenient. However, network incidents, such as network attacks, network intrusions, network viruses and spam mail, also occur more frequently and severely than ever. The Code Red worm incident is a typical example. In this paper, we call behaviors that disturb the normal operation of networks “Network Security Incidents.” These network security incidents can, in a very short time, damage the network and information structure. They have become vital threats to network security. Therefore, it is important for the network operation center to stop the spread of network security incidents and avoid the abuse of network resources. To reduce the impact caused by network security incidents, it is desirable to isolate infected hosts from the network. In this paper, we propose a standard operating procedure to handle network security incidents. Based on this standard operating procedure, we have designed and implemented an intelligent defense system against network security incidents. The intelligent defense system automatically detects infected hosts and isolates them from the network. The results show that it can efficiently stop the wide spread of network security incidents.

Cited by


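孫珮如 (2009). A Study of Campus Malware Trend Analysis and Real-Time Monitoring: The Case of Tamkang University [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2009.00585
李維哲 (2005). A Study on the Prevention of Network Worm Propagation [Master's thesis, National Taipei University of Technology]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0006-2408200515095600
李亮寬 (2009). A Study of a Network Blocking System Combining Antivirus and Intrusion Detection [Master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-3001201315103773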
