The invention provides a method for detecting network anomalies based on secondary negative selection, belonging to the technical field of information security. The method simulates the immune tolerance process of a biological immune system: normal network connection data is selected as the self (autologous) set; a secondary negative selection algorithm performs tolerance training on randomly generated candidate detectors, removing the candidates that fail tolerance against the detector set or against the self set, to generate a mature detector set; self clustering is used to generate an authentication detector; the network connection data under test is examined with the mature detector set; and finally the authentication detector is used to confirm the detection result. The method mainly overcomes the defects of redundant detectors, low generation efficiency and a high false alarm ratio. It effectively reduces the size of the generated mature detector set, improves the generation efficiency of mature detectors, maintains the stability of the detection rate, reduces the false alarm ratio and guarantees network security, and therefore has a wide application prospect.
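The pipeline described above, sketched as an added example that is not taken from the patent: candidates pass two tolerance checks, and a self-cluster "authentication detector" vetoes alarms that fall inside normal clusters. The real-valued 2-feature encoding, Euclidean matching, variable detector radius, leader clustering, order of the two checks and all names and constants are assumptions of this sketch.

```python
import math
import random

# Constructed sample: normal connections as normalized 2-feature vectors (assumed encoding).
SELF = [(0.20, 0.20), (0.22, 0.18), (0.18, 0.23), (0.25, 0.21),
        (0.70, 0.30), (0.72, 0.28), (0.68, 0.33), (0.73, 0.31)]
SELF_RADIUS = 0.05  # assumed matching radius around each self sample

def covers(detectors, x):
    """True if any (center, radius) detector matches x."""
    return any(math.dist(x, c) <= r for c, r in detectors)

def train(self_set, n_candidates, rng):
    """Secondary negative selection: each random candidate must pass two tolerances."""
    mature = []
    for _ in range(n_candidates):
        cand = tuple(rng.random() for _ in self_set[0])
        d_self = min(math.dist(cand, s) for s in self_set)
        if d_self <= SELF_RADIUS:      # tolerance 1: matches self, discard
            continue
        if covers(mature, cand):       # tolerance 2: redundant with mature set, discard
            continue
        mature.append((cand, d_self - SELF_RADIUS))  # radius stops short of self
    return mature

def authentication_detector(self_set, threshold):
    """Leader clustering of self; one (leader, radius) ball per cluster."""
    clusters = []
    for s in self_set:
        for leader, members in clusters:
            if math.dist(s, leader) <= threshold:
                members.append(s)
                break
        else:
            clusters.append((s, [s]))
    return [(l, max(math.dist(l, m) for m in ms) + SELF_RADIUS) for l, ms in clusters]

def is_anomalous(x, mature, auth):
    """Flag with the mature set, then let the authentication detector veto."""
    return covers(mature, x) and not covers(auth, x)

if __name__ == "__main__":
    mature = train(SELF, 2000, random.Random(7))
    auth = authentication_detector(SELF, 0.15)
    print(len(mature), "mature detectors")
    for x in [(0.21, 0.19), (0.20, 0.12), (0.90, 0.90)]:
        print(x, "anomalous" if is_anomalous(x, mature, auth) else "normal")
```

The second tolerance check is what keeps the mature set small: no accepted detector's center lies inside an earlier detector, so overlapping candidates are never stored.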