The invention belongs to the technical field of network security and discloses an extension defense method based on network intrusion. According to actual situations of intrusion behaviors of intruders, intentions and purposes of the intruders are analyzed and judged by building a trap network, related trap network node devices constituting the trap network are disconnected or connected or added or removed in real time, therefore, targets to which the intruders pay attention are changed, the intrusion priorities are changed, bait resource deployment and configuration are changed, objects intruding and percolating into the network are controlled, and delaying, monitoring, tracking, analyzing, source tracing and evidence obtaining are conducted on intrusion processes of the intruders. According to the method, an existing network can be built or deployed completely, the active defense capability of the network can be further enhanced, and the method is a novel, deep and multi-dimensional network defense strategy.