Abstract: As less useful information for new intrusions could be obtained by anomaly detection, a method for capture and classification of new intrusion is proposed. First, in order to improve the performance of the system, an improved al- gorithm for feature extraction is proposed and combining with the other two methods a feature integration system is built to capture anomalous connections. Second, patterns matching plays a role of filtering out the known intrusions, and the remaining new intrusions is as the input to clustering module, through which further classification is carried out, af- ter that the valid information about its class is obtained. Finally, the results of experiment simulation using data set KID D(}UP99 show that the detection method has better detection rate and low false alarm rate, and the method to identify and classify the new intrusions is valid.

Key words: Feature extraction, Ensemble classification, Support vector machine (SVM)，Self-organizing map (SOM)，Anomaly detection, Information acquisition