This paper presents a new approach to detecting attack activities. In this method, network connections were transformed into data points in the predefined feature space. The influence function was designed to quantify the influence of an object and, further, the data field was divided into positive field and negative field according to the source pointpsilas category. To perform classification, all the labeled training samples were regarded as source points and a data field was built in the feature space. The influence felt by given testing point in the data field was calculated and its class was judged according to the sign and magnitude of the influence in detecting process. Experimental results demonstrate that our approach has good detection performance.