For DDoS attack detection in abnormal network traffic detection, previous deep learning-based solutions construct models and optimize parameters on datasets separated from system entities. This paper proposed and implemented a network anomaly traffic detection system based on network traffic characteristic analysis that combined Linux kernel observation technology eBPF (extended Berkeley Packet Filter) with deep learning technology. The system used eBPF to efficiently collect network traffic feature data directly from the bottom layer of the Linux kernel network stack, and then used a deep learning system based on the Long Short Term Memory (LSTM) to detect abnormal network traffic. In the specific implementation, the system first collected network traffic characteristic data through the eBPF program mount point in the bottom XDP (eXpress Data Path) of the Linux kernel network stack. LSTM was used to build neural network model and predict classification. The experimental results obtained by applying the system to a simulated experimental network environment showed that the recognition accuracy of the system reached 97. 9%. At the same time, in the case of using this system, the throughput rate of TCP and UDP communication in the network dropped by only 8. 53% on average. The results show that the system has a low impact on network communication, achieves better detection results, has the availability, and provides a new solution for abnormal network traffic detection.