Time-based strategy audit scheme of access control list in multi-layer firewall
WANG Xudong, CHEN Qingping, LI Wen, ZHANG Xinming
Journal of Computer Applications 2017, 37 (1): 212-216. DOI: 10.11772/j.issn.1001-9081.2017.01.0212
To solve the Access Control List (ACL) policy audit problem in multi-layer firewalls, policy anomalies within a single firewall and between multi-layer firewalls were analyzed with respect to time. An Anomaly Detection based on Backtracking Algorithm (ADBA) was then proposed, which constructs a tree structure according to the topology of the firewalls. First, the ACL policy of each firewall was analyzed and its data were stored in the database in a unified format. Second, the tree structure of the firewalls was built based on the firewall topology, and anomalies within each single firewall were detected. Finally, the data in the database and the tree structure were used by ADBA to detect and record anomalous policies. The experimental results show that, compared with the Semi-isomorphic Marked Firewall Decision Diagram (SMFDD) algorithm, the proposed ADBA reduces the execution time of anomaly detection by 28.01% and, by taking the time factor into account, reduces misjudgments in anomaly detection. ADBA can be applied effectively to ACL audits of multi-layer firewalls to improve detection accuracy and reduce detection time.