The embodiment of the invention provides an abnormal flow behavior discrimination method and device. The method comprises the steps that text features and statistical features of HTTP requests in to-be-discriminated flow are obtained; according to the text features and the statistical features, abnormal flow behavior discrimination is conducted on the to-be-discriminated flow, wherein the text features are output results obtained by inputting the HTTP requests in an n-gram model, and the statistical features comprise at least one of request path statistical features, request parameter statistical features, character distribution features, character frequency features, character entropy and keyword features of the HTTP requests. According to the abnormal flow behavior discrimination methodand device, by means of the text features and the statistical features which are obtained in the HTTP requests, the to-be-discriminated flow is subjected to abnormal flow behavior discrimination, efficient and accurate abnormal flow behavior discrimination is achieved, and important significance on information security protection and vulnerability discovery is achieved.