The communication links in networked control systems are vulnerable to various malicious attacks. In this paper, we propose a novel network attack detection scheme that captures the abnormality in the traffic flow caused by a class of attacks targeting the communication links. We model the network traffic flow at the bottleneck as a nonlinear system with unknown dynamics. An observer generates a network attack detection residual, and an attack is declared to exist in the network when this residual exceeds a predefined threshold. We also revisit an optimal event-triggered controller for the physical system and derive the maximum delay and packet loss that the system can tolerate.