By making full use of the security features of intrusion detection products, this paper designs an intrusion prevention and recovery system architecture based on policy shunt. The system uses the double NIDS system as the front-end detection module, making the double NIDS system completely cover the various protocol layers of intrusion detection by policy shunt and gives full play to the advantages of both NIDS detection system to achieve the high-efficiency intrusion detection. In addition, the system combines with the host logs protection mechanisms and the key recovery mechanisms. Therefore, even in the case of intrusion and data destruction, the system can ensure the security of the critical parts in the system.