How to timely and precisely identify attack behaviors in network without dealing with a large number of tra±c features and historical data, such as training data, is an important research work in the¯eld of network security. In this paper,¯rstly, the di®erences between Renyi entropy and Shannon entropy are analyzed and compared. In order to capture network tra±c changes exactly, Renyi entropy instead of Shannon entropy is proposed to measure selected tra±c features. Then EWMA control chart theory is used to check Renyi entropy time series for detecting and screening anomalies. And three kinds of network attacks are also analyzed and characterized by behavior feature vector for attack identi¯cation. Finally a feature similaritybased method is used to identify attacks. The experimental results of real tra±c traces show that the proposed method has good capability to detect and identify these attacks with less computation cost. To evaluate attack identi¯cation method conveniently, an approach is proposed to generate simulated attack tra±cs. Compared with Shannon entropy-based method, the experiments on simulation tra±cs show that Renyi entropy-based method has much higher overall accuracy, average precision and average true positive rate. Further comparison indicates the proposed method has more powerful performance to detect attacks than PCA-based method.