(The rapid growth of the number of security vulnerabilities Patch development lags far behind the development of exploits The threat of malicious code emerges and spreads faster and faster The increasing complexity of IT resources and usage and then the formation of the use layer The negative impact of threats is increasing Large, as well as the emergence of the Sarbanes-Oxley Act, the demand for network flow statistics is increasingly urgent. The traditional intrusion/intrusion detection system solution is no longer sufficient.)