
Research on Anomaly Detection Techniques for Large-Scale Networks

Anomaly Detection on the Large Scale Network

Advisor: 羅有隆

Abstract


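The range of Internet applications keeps expanding over time, and attacks on and damage to networks of every kind are increasing day by day. Among them, DDoS attack techniques have become one of the attack methods most favored by network attackers because of their stealth and high efficiency, and they seriously threaten the security of web servers. For example, DDoS attackers once launched large-scale attacks on many of the world's major e-commerce websites, leaving Yahoo, Amazon, eBay and CNN paralyzed for a time, so network security has become an important part of global information security. In the course of this research, targeting the statistical characteristics of multi-dimensional fields in which DDoS attacks differ from normal traffic, this thesis designs and implements a real-time detection and control system module based on a network processor. The system monitors network traffic and performs multivariate analysis of the proportions of its network bit composition to obtain parameters describing the current traffic structure, then compares them with normal parameters obtained through prior training, judges from the degree of deviation between the two whether an anomaly has occurred, and then applies the corresponding queue control, thereby detecting and defending against DDoS attacks and protecting the back-end network systems. What this thesis implements is this system's multivariate statistics sub-module, including the design of the statistics and the parsing, counting and anomaly marking of data packets. Simulation experiments show that the multivariate statistics module can provide the anomaly detection and control module with more comprehensive and accurate statistical data, and can quickly detect and control the various common DDoS attacks, meeting the requirements of a fairly comprehensive intrusion detection and defense system. The system has high-performance processing capability and is suitable for deployment at key ingress and egress points of the Internet, providing strong protection for network security.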

Keywords

anomaly detection, DDoS, network processor

Parallel Abstract


Internet applications continue to expand over time, and all types of network attacks and destruction are increasing day by day. Among them, DDoS attacks have become one of the most popular attack methods among network attackers because of their covertness and high efficiency, and they pose a serious threat to the security of web servers. For example, DDoS attackers have launched large-scale attacks on many of the world's major e-commerce sites, such as Yahoo!®, Amazon®, eBay® and CNN®. Network security has therefore become an important part of global information security. In the course of this research, we discovered how DDoS attacks differ from normal traffic in the statistical characteristics of multi-dimensional fields. This paper designs and implements a network processor-based real-time detection and control system module. The system monitors network traffic and performs multivariate analysis of its network bit composition ratios to obtain parameters describing the current traffic structure. These are compared with normal parameters obtained by pre-training; the degree of deviation between the two determines whether an anomaly has occurred, and the corresponding queue control is then applied. This achieves DDoS attack detection and prevention and protects the back-end network or servers. This paper implements the system's multivariate statistical sub-module, including the design of the statistics and the parsing, counting and anomaly marking of data packets. Simulation experiments showed that the multivariate statistical module can provide the anomaly detection and control module with more comprehensive and accurate statistical information. Faced with a variety of common DDoS attacks, it can quickly detect and control them, meeting the requirements of a more comprehensive intrusion detection and defense system.
The system has high-performance processing capability and is suitable for deployment at key ingress and egress points of the Internet to provide strong protection of network security.

Parallel Keywords

DDoS network processor anomaly detection
