This paper mainly propose a service of network security defense provide by the network service provider, and the service system is built on the original ISP network structure, the security decisions center build on the ISP’s core network which is making the policy decisions of security event, and built a defense system on border routers to form a secure domain called security domain, the service provider will join the user who is using the service to the security domain, through the defense system to network traffic monitoring and filtering malice package to provide users of network security threat defense services. Using Service Level Agreements (SLA) to represent users’ needs, so that users can choose services according to their needs, network security defense system provide different type of defense services based on user needs. Finally, we analyze the usage of the defense resource, furthermore we formulate the mechanisms of policy for the client’s needs, and how to allocate resources in the case of resource saturation for the defense to satisfy service providers obtain the best benefits of the service strategy, and design the mechanism of resource management.