Abstract: Because of the deep research of network traffic feature, technique of network anomaly detection developed rapidly. So the analysis of network traffic becomes a primary important basement of network anomaly detection. This paper study the traffic distribution feature based on entropy, different from traffic research based on the primary statistical feature, the study object becomes extracted attribute distribution feature. Experiment based on DARPA 99 dataset shows that, compared with proposed method, this kind of means is much more sensitive to anomaly traffic.