Network flow data can be used to detect network attacks which manifest deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing the distribution difference greater than a certain threshold. The multivariate measure of network flows are established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations.