In this work, we proposed a framework for real-world network anomaly detection tasks. We utilize an ensemble model to integrate multiple boosting methods, as well as a hierarchical architecture to solve the class-imbalanced problem caused by a large amount of normal data. The quantitative results show that this architecture effectively reduces the false positive rate. Moreover, the method performs state-of-the-art on the latest real-world dataset, ZYELL-NCTU NetTraffic-1.0. It also exhibits well on the other simulated datasets. We believe that this architecture can narrow the gap between simulated researches and real-world applications.