Network　data　are　always　high-speed　and　unlimited.　Typical　data　mining　methods,　which　always　do　multi-scanning　to　databases,　do　not　fit　in　with　constructing　intrusion　detection　model　for　high-speed　network　data　streams.　Proposed　in　this　paper　is　a　new　intrusion　detection　model　based　on　mining　multi-dimension　data　streams.　It　combines　anomaly　detection　mechanisms　with　misuse　detection　techniques,　and　thus　it　can　mine　new　attack　types　as　well　as　anomaly　detection　techniques　do,　and　has　a　high　detection　efficiency　like　the　misuse　detection　mechanism.　In　fact,　a　network　access　data　stream　has　a　complex　structure,　that　is,　an　accessing　behavior　always　needs　a　lot　of　attributes　to　express,　and　so　analyzing　a　network　access　data　stream　is　a　hard　work.　Through　using　the　multi-frequency　technique,　this　paper　solves　the　problems　of　pattern　expression　and　generation　for　network　access　data　streams.　A　new　data　structure　called　MaxFP-Tree　is　proposed,　and　a　new　algorithm　called　MaxFPinNDS　to　mime　frequent　patterns　from　data　streams　is　designed.　Due　to　using　damped　window　techniques,　the　algorithm　MaxFPinNDS　can　efficiently　and　effectively　find　out　maximal　frequent　itemsets　in　recent　period　of　a　data　stream.　The　experiment　results　show　that　the　proposed　algorithms　and　models　are　very　effective　to　intrusion　detection　on　network.