Under the situation of detecting attacks, current IDSs have no good reacting strategy to filter attack traffic. Based on network attacks’ traffic characters, an anomaly traffic character aggregation algorithm (AFCAA) is put forward. Because normal DOS (denial of service)/DDOS (distributed denial of service) attack traffic has some characters in their packets’ head, AFCAA uses the center of gravity theory to process statistic aggregation and aggregation partition based on the special field of the destination IP attack traffic in a fixed Euclid distance, and then it distills the center of attack traffic dynamically as the characters of attacks. Afterwards, through transmitting these characters to Net Filter, AFCAA can filter abnormal packets efficiently and protect the normal packet transmission. The experimental results show that the software router using AFCAA can efficiently find useful characters of prevalent DOS/DDOS attacks, reduce the harm of attack packets’ spreading, and protect the limited network resources.