本文提出构建基于网络协议的异常流量识别模型，结合网络协议分析、网络入侵检测技术等对网络数据层进行解析，通过对频繁IP 地址进行聚集发现网络中的异常流量IP 地址集合，统计出异常数据包。通过DDOS攻击实验结果分析得出，该模型具有较高的识别能力，并且在处理效率和计算强度方面都有很好的表现。

This paper presents the abnormal traffic identification model based on network protocol; analyzes the network data layer combining with network protocol analysis and network intrusion detection technology; discovers the abnormal traffic IP address set through frequent IP address clustering, and counts the amount of abnormal data packets. With the simulation test of DDOS attack, it is proved that the model has high recognition ability and has good performance in terms of efficiency and calculation.