Intelligent detection method of ROP chain using two-dimensional feature of byte pattern
Author:
Affiliation:

(College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China)

Author biography:

WANG Jian (born 1975), male, from Shaoyang, Hunan; professor, PhD, doctoral supervisor. E-mail: jwang@nudt.edu.cn

Corresponding author:

CLC number:

TN918

Fund project:

Ministry of Education / China Mobile Research Fund project (MCM20200103)



    Abstract:

    Return oriented programming (ROP) attacks are a main means by which network attackers break through operating-system protections and exploit vulnerabilities, and the ROP chain is the main component of an ROP attack. To detect ROP chains in network traffic, this paper proposes an intelligent detection method that automatically extracts ROP-chain features and generalizes well. The method splits the traffic under test into multiple sequences by sequential extraction, converts the one-dimensional traffic bytes into two-dimensional feature vectors using a sliding window and numerical quantization, and detects ROP chains with a convolutional neural network model. Unlike existing static detection methods, it does not depend on the context of program memory addresses, is simple to implement and easy to deploy, and achieves excellent detection performance. Experimental results show that the model's highest accuracy is 99.4%, with a false negative rate of 0.6%, a false positive rate of 0.4%, a time cost within 0.1 s, and a false negative rate of 0.2% on real ROP attack traffic.
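The preprocessing pipeline the abstract describes (sequential extraction into fixed-length sequences, a sliding window over the bytes, numerical quantization into a 2D feature matrix), as an added example that is not the paper's code. Sequence length, window width, stride, quantization levels and the sample traffic are assumptions; the abstract does not give the paper's actual parameters, and the CNN classifier that would consume the matrices is out of scope here.

```python
# Added example, not from the paper: raw traffic bytes -> 2D byte-pattern
# feature matrices of the kind a CNN-based ROP-chain detector would consume.
from typing import List

SEQ_LEN = 64   # bytes per extracted sequence (assumed value)
WINDOW = 8     # sliding-window width in bytes (assumed; one x86-64 word)
STRIDE = 4     # step between consecutive windows (assumed value)
LEVELS = 16    # number of quantization levels (assumed value)

# Constructed sample traffic (100 bytes); stands in for a captured payload.
SAMPLE_TRAFFIC = bytes(range(100))


def sequential_extract(traffic: bytes, seq_len: int = SEQ_LEN) -> List[bytes]:
    """Sequential extraction: cut traffic into consecutive seq_len-byte
    sequences in order; the last one is zero-padded to full length."""
    seqs = [traffic[i:i + seq_len] for i in range(0, len(traffic), seq_len)]
    if seqs and len(seqs[-1]) < seq_len:
        seqs[-1] = seqs[-1].ljust(seq_len, b"\x00")
    return seqs


def quantize(value: int, levels: int = LEVELS) -> float:
    """Numerical quantization: map a byte 0..255 onto `levels` evenly
    spaced values in [0.0, 1.0] (0 -> 0.0, 255 -> 1.0)."""
    bucket = value * levels // 256          # integer bucket 0 .. levels-1
    return bucket / (levels - 1)


def to_feature_matrix(seq: bytes, window: int = WINDOW, stride: int = STRIDE,
                      levels: int = LEVELS) -> List[List[float]]:
    """Slide a window of `window` bytes over one sequence with step `stride`;
    each window position becomes one row of the 2D feature matrix, so
    repeating byte patterns (e.g. aligned words) line up column-wise."""
    rows = []
    for start in range(0, len(seq) - window + 1, stride):
        rows.append([quantize(b, levels) for b in seq[start:start + window]])
    return rows


def build_features(traffic: bytes) -> List[List[List[float]]]:
    """Full pipeline: one feature matrix per extracted sequence."""
    return [to_feature_matrix(seq) for seq in sequential_extract(traffic)]


if __name__ == "__main__":
    mats = build_features(SAMPLE_TRAFFIC)
    print(len(mats), "matrices of", len(mats[0]), "x", len(mats[0][0]))
```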

Cite this article:

WANG Jian, HUANG Kaijie, ZHANG Mengjie, et al. Intelligent detection method of ROP chain using two-dimensional feature of byte pattern[J]. Journal of National University of Defense Technology, 2023, 45(5): 184-192.

History
  • Received: 2023-02-23
  • Published online: 2023-09-26
  • Published: 2023-10-28