Illegal traffics on network can be actively detected by network security monitor An advanced system is given which can capture network data stream and intercept malicious attack, so as to alarm or take response action in real-time. The system is composed by sniffer, monitor control center, remote management unit,etc. Attack activities under surveillance can be distinguished by two methods,which are rule based method and statistics based method. Intrusion recognition by sniffer is the key technology of the system. In addition, dilemma between real-time data stream and high inquiry speed, as well as dynamic addition of attack rules contributes to the main concern of system design. Backdoor of The system can be self detected, while intelligent analysis and bi-directional surveillance ability has also been implemented. With all these advance features, the system is presented not only as a strong assistant to traditional network security products, but also an important tool for counter-fighting with rampant network intrusion nowadays.