When the regional Internet is attacked, its traffic will change significantly. Therefore, a method based on traffic characteristics to detect the attack source IP address of the regional Internet is proposed. NetFlow technology is used to collect the IP data stream forwarded by users at high speed and obtain the network traffic data. The abrupt data in network traffic shall be removed. The minimum redundancy and maximum correlation are used to extract the traffic characteristics of the Internet to improve the detection accuracy of the attack source IP address. With the information entropy of traffic characteristics as the input, combined with extreme learning machine and k-means algorithm, attack traffic detection and determination of Internet attack source IP address are realized. The test results show that the attack source IP address detection quality index is above 0.9 under the application of the research method, which indicates that the research method has higher detection accuracy and better detection quality.