
A Study on Abnormal Network Behaviors Using Data Mining Techniques (以資料探勘技術分析網路異常行為)

Advisor: 蔡正發

Abstract


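As network technologies and applications continue to flourish, attack and intrusion techniques also change rapidly, so information system security and effective intrusion detection systems are important topics. Traditional intrusion detection systems (IDS) are based on misuse detection, which offers high accuracy and a low misjudgment rate, but has the drawbacks that signatures must be updated continually and that it has no ability to resist unknown attacks. This study attempts to address this problem with data mining techniques: a machine-learning random forest classifier builds a model from a network packet dataset, and the model is used to predict abnormal network attacks. The experimental samples were drawn from real network traffic (FortiGate_Traffic_Log) and used as the experimental dataset; each record has 68 attributes. After the raw dataset was preprocessed, 90% was used as the training dataset to build the model with the random forest classifier in the Weka software, and the 10% test dataset was then used to verify the model's recognition accuracy. In our implementation, the trained model can effectively detect abnormal network traffic in a real network environment with an accuracy above 95%.

Keywords: network intrusion detection, anomaly detection, random forest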

Parallel Abstract


With internet technology and applications advancing continuously and rapidly, the methods of internet hacking and attack are also constantly evolving. The security of information systems and effective intrusion detection systems have therefore become important issues. Most traditional Intrusion Detection Systems (IDS) are based on misuse detection technology, which has high accuracy and a low misjudgment rate, but its disadvantage is that the signature database must be updated constantly to cope with a variety of malware attacks, and it is not capable of detecting and blocking unknown cyber attacks. In this thesis, we attempt to overcome these issues by using data exploration technology, data mining, machine learning and the Random Forest algorithm to build a training model, and we use this model as the core classification tool of an anomalous network traffic detection system to recognize and detect attacks. The experiments were performed in a real network environment: we collected traffic logs from a network firewall as the data sets. In our experiments, the proposed method achieves much higher accuracy than other methods. The training model we built can detect abnormal traffic in the real network environment with an accuracy of more than 95%.

Keywords: Intrusion Detection System (IDS), Anomaly Network Traffic Detection, Data Mining, Random Forest.
