Anomaly-Based Anti SYN Flood Implementation

Implement of Anti SYN Flood

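  • Abstract: This paper introduces the principle of the SYN Flood attack and analyzes anomaly-based intrusion detection methods. Drawing on principles from information theory, it computes probability statistics over the SYN packets arriving at each destination IP and destination port, calculates their anomaly value and compares it with a threshold, which effectively detects SYN Flood attacks. The Anti SYN Flood module is added to the intrusion detection system as a preprocessor plug-in; the detection flow, main data structures and program framework are given, and corresponding tests are carried out.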

     

    Abstract: The openness of the Internet offers great convenience for information sharing and exchange, accompanied by crucial challenges to network security. Security issues have evolved into the key problem of the information age. SYN flood is a denial-of-service attack carried out by sending a large number of SYN packets. By computing the probabilities of received SYN packets and comparing them with a normal threshold, the system detects the SYN intrusion and writes it to the alert log file.
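
The abstract names the detection idea but not its formula, so what follows is an added example and not the paper's code. It assumes the anomaly value of a destination IP and port is q·log2(q/p), where p is its smoothed share of SYN packets in baseline traffic and q its share in the current window; the function names, sample packets and threshold are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data: (dst_ip, dst_port) of each observed SYN packet.
BASELINE = ([("10.0.0.5", 80)] * 50 + [("10.0.0.5", 443)] * 30
            + [("10.0.0.9", 25)] * 20)
NORMAL_WINDOW = ([("10.0.0.5", 80)] * 11 + [("10.0.0.5", 443)] * 6
                 + [("10.0.0.9", 25)] * 3)
FLOOD_WINDOW = NORMAL_WINDOW + [("10.0.0.9", 25)] * 180

THRESHOLD_BITS = 1.0  # assumed threshold; tune it on real traffic


def anomaly_values(baseline, window):
    """Per-(dst_ip, dst_port) anomaly value q * log2(q / p), in bits."""
    base, seen = Counter(baseline), Counter(window)
    keys = set(base) | set(seen)
    scores = {}
    for key, n in seen.items():
        # Laplace smoothing so destinations absent from the baseline get p > 0.
        p = (base[key] + 1) / (len(baseline) + len(keys))
        q = n / len(window)
        scores[key] = q * math.log2(q / p)
    return scores


def detect(baseline, window, threshold=THRESHOLD_BITS):
    """Return alert-log lines for destinations whose value exceeds the threshold."""
    alerts = []
    for (ip, port), score in sorted(anomaly_values(baseline, window).items()):
        if score > threshold:
            alerts.append(
                f"SYN flood suspected dst={ip}:{port} anomaly={score:.2f} bits")
    return alerts


if __name__ == "__main__":
    for name, win in (("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW)):
        print(name, detect(BASELINE, win) or "no alert")
```

Because this value is built from shares rather than rates, it flags SYN traffic concentrating on one destination; a flood that preserves the baseline mix would need a per-window SYN count check alongside it.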

     
