
A Network Anomaly Detection System Based on MEWMA Control Charts

An Anomaly Detection System Based on MEWMA Control Chart

Abstract


With the rapid growth of the Internet, e-commerce has become a new channel alongside traditional marketing, yet network security remains the most troublesome problem: once a system is compromised by network intruders, the consequences range from degraded quality of network service to irreparable loss. Because attack techniques evolve as quickly as the technology itself, a traditional intrusion detection system that matches traffic against a single-signature database is of limited effectiveness. This study therefore applies the principles and modelling methods of multivariate statistical process control. From NetFlow records of normal traffic collected at the School of Information Technology, Ming Chuan University, between 18 May 2012 and 22 June 2012 (36 days in total), two features of the network traffic are extracted: packet count and packet size. A multivariate exponentially weighted moving average (MEWMA) control chart for monitoring changes in network traffic is then built from the database of these two features. In addition, the network simulator NS2 is used to generate normal and abnormal traffic, and the false positive rate and false negative rate of the chart are computed for different parameter values. The results show that, under the criterion of minimizing the false negative rate while keeping the false positive rate under control, a reasonable λ is 0.9 with h between 50 and 70, giving a false positive rate of 8% to 9% and a false negative rate of 0% to 0.63%. Finally, a traffic analysis system was written in PHP: the real traffic data collected at the School of Information Technology on the Taoyuan campus of Ming Chuan University are stored in a database, and a "real-time network traffic analysis system" was developed that lets network administrators monitor traffic visually through a web page in real time. The resulting control chart serves as a reference that helps administrators judge whether network traffic is behaving abnormally.

Abstract (English)


The variety of network applications provides convenient services to users and creates many commercial markets. However, many network hacking activities attack these services and cause extensive damage and inconvenience. It is very important for network managers to protect the services and improve QoS and security. Many network intrusion detection systems have been developed to protect the services, but systems that use only a single signature to detect abnormal behavior achieve limited accuracy. In this paper we use a multivariate statistical process control (MSPC) scheme to establish the control chart. The network traffic data were collected from Ming Chuan University; the dataset is stored in NetFlow format and dated from 2012/05/15 to 2012/06/22. Two parameters, packet numbers and packet octets, are computed to create the MEWMA control chart that monitors the traffic behavior. We use NS2 simulation to generate normal and abnormal traffic data to determine the parameter values h and λ for the control chart. False positive and false negative rates are computed for different combinations of parameters. The results show that the false positive rate is less than 10% and the false negative rate is between 0% and 0.63% when minimizing the false negative rate with λ=0.9 and h=50~70. Finally, we develop an offline network analysis system that uses NetFlow logs to detect abnormal traffic in network activities.
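The following is an added worked example, not code from the paper or its traffic analysis system, showing the procedure both abstracts describe: estimate a mean vector and covariance from a baseline of normal (packets, octets) intervals, run a two-feature MEWMA chart with the asymptotic covariance λ/(2−λ)Σ, and measure false positive and false negative rates on a labelled stream for given λ and h. The traffic is constructed inline (a sinusoidal normal load and a small-packet flood) rather than taken from the NetFlow dataset or NS2, so the rates it prints are illustrative; the functions `normal_interval`, `attack_interval`, `MEWMAChart` and `error_rates` are this example's own names.

```python
"""Two-feature MEWMA control chart over per-interval NetFlow aggregates.
Added example; pure Python with 2x2 linear algebra done by hand."""
import math

# --- Constructed traffic (not the paper's data) ----------------------------
# Each interval is (packets, octets). Normal traffic: about 1000 packets of
# about 600 bytes with a slow wobble; attack: a ten-fold flood of 60-byte packets.

def normal_interval(i):
    packets = 1000 + 40 * math.sin(0.3 * i) + 20 * math.sin(1.7 * i)
    octets = 600 * packets + 40000 * math.cos(0.5 * i)
    return (packets, octets)

def attack_interval(i):
    packets = 10000 + 100 * math.sin(i)   # ten-fold packet rate
    octets = 60 * packets                  # tiny packets: flood signature
    return (packets, octets)

BASELINE = [normal_interval(i) for i in range(500)]            # Phase I, in control
STREAM = ([(normal_interval(i), False) for i in range(500, 700)]
          + [(attack_interval(i), True) for i in range(20)])    # Phase II, labelled

# --- Phase I: baseline statistics ------------------------------------------
def estimate_baseline(samples):
    """Mean vector and sample covariance (n-1 denominator) of 2-D samples."""
    n = len(samples)
    mu = [sum(s[k] for s in samples) / n for k in range(2)]
    cov = [[0.0, 0.0], [0.0, 0.0]]
    for s in samples:
        d = [s[0] - mu[0], s[1] - mu[1]]
        for r in range(2):
            for c in range(2):
                cov[r][c] += d[r] * d[c]
    return mu, [[v / (n - 1) for v in row] for row in cov]

def inverse_2x2(m):
    det = m[0][0] * m[1][1] - m[0][1] * m[1][0]
    if det == 0:
        raise ValueError("singular covariance: the two features are collinear")
    return [[m[1][1] / det, -m[0][1] / det],
            [-m[1][0] / det, m[0][0] / det]]

# --- Phase II: the MEWMA chart ---------------------------------------------
class MEWMAChart:
    """Z_i = lam*(x_i - mu) + (1 - lam)*Z_{i-1}; alarm when
    T2_i = Z_i' Sigma_Z^{-1} Z_i > h, with asymptotic Sigma_Z = lam/(2-lam) * Sigma."""

    def __init__(self, mu, cov, lam=0.9, h=50.0):
        self.mu, self.lam, self.h = mu, lam, h
        scale = lam / (2 - lam)
        self.sigma_z_inv = inverse_2x2([[v * scale for v in row] for row in cov])
        self.z = [0.0, 0.0]

    def update(self, obs):
        """Feed one interval; return (T2 statistic, out-of-control flag)."""
        dev = [obs[k] - self.mu[k] for k in range(2)]
        self.z = [self.lam * dev[k] + (1 - self.lam) * self.z[k] for k in range(2)]
        z, s = self.z, self.sigma_z_inv
        t2 = (z[0] * (s[0][0] * z[0] + s[0][1] * z[1])
              + z[1] * (s[1][0] * z[0] + s[1][1] * z[1]))
        return t2, t2 > self.h

def error_rates(lam, h, baseline=BASELINE, stream=STREAM):
    """False positive rate (normal intervals flagged) and false negative rate
    (attack intervals missed) for one (lam, h) setting."""
    mu, cov = estimate_baseline(baseline)
    chart = MEWMAChart(mu, cov, lam, h)
    fp = fn = normal = attack = 0
    for obs, is_attack in stream:
        _, alarm = chart.update(obs)
        if is_attack:
            attack += 1
            fn += not alarm
        else:
            normal += 1
            fp += alarm
    return fp / normal, fn / attack

if __name__ == "__main__":
    # Sweep the two chart parameters the paper tunes with NS2 traffic.
    for lam in (0.5, 0.9):
        for h in (1.0, 5.0, 50.0, 70.0):
            fpr, fnr = error_rates(lam, h)
            print(f"lambda={lam:<4} h={h:<5} FPR={fpr:.3f} FNR={fnr:.3f}")
```

Two design points carry over to real NetFlow data. First, the chart assumes the baseline is free of attacks; an intrusion inside the Phase I window inflates Σ and quietly raises h's effective threshold. Second, a large λ (0.9 here, as the paper recommends) makes the chart react almost entirely to the current interval, so it catches abrupt floods but forgets them within a few intervals; a smaller λ remembers longer and is better at slow drifts, at the price of alarms that linger after an attack ends.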

