In the face of more and more complex and unpredictable network security threats, although an increasing number of security products have been deployed in personal computers, application servers and networks, we are still in a passive embarrassment. How to detect and response to network security threats immediately before threats occur or reach the target system is a key issue to solve current security threats. Based on further study of classical PDR protection model and analysis of current network security threats, idea of solving network information security problems is changed from passive protection to the active controllable defense, and Zero-PDR model based on Trojan attack characteristic is proposed. Active Controllable Defense model based on Zero-PDR model is further proposed, which can avoid Trojan attack and the first time attack effectively.