• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal
Article

Anomaly Detection Based on Aggregated Network Behavior Metrics

  • SU Pan-Jun,
  • CHEN Gang,
  • LIU Cuan
  • (School of Software, Huazhong University of Science and Technology, Wuhan 430074)

Received date: 2008-09-24

Revised date: 2008-12-23

Online published: 2010-03-10

Abstract

Anomaly detection is a very active area of IDS research. As a network measurement tool, anomaly detection based on header statistical information plays an important role in many network management tasks. Aggregating the information in network packets can effectively form network traffic measurement metrics. A specific subset extracted from these metrics can be used to describe the characteristics of network attack flows. If these metrics are relatively stable when there is no attack and relatively sensitive when an attack occurs, they can be used to detect attacks. Redundant features are removed using principal component analysis and information gain, which reduces overhead and improves real-time performance. A classifier based on machine learning is an effective method for judging anomalies caused by network attacks. Based on the selected metrics, we design three classifiers.

Cite this article

SU Pan-Jun, CHEN Gang, LIU Cuan. Anomaly Detection Based on Aggregated Network Behavior Metrics[J]. Computer Engineering & Science, 2010, 32(3): 38-41. DOI: 10.3969/j.issn.1007130X.2010.
