Internal tracking method and network attack detection

The invention provides an internal tracing method for network attack detection. When testing a network invasion detection system, by configuring and uniting three parts of an attach party, a defense party and a target party, and by setting internal detection points in each part, the whole life cycle of the attack data packet for test is traced at different sages of attack, defense and under-attack, namely, when testing the network invasion detection system, in the whole process of attacking, filtering, detection and arrival at a target host computer of one attack data packet for test, a tester can clearly understand the state and information of the data packet at every important stage, so that the tester can conveniently, quickly and accurately generate a test report.