NETWORK PACKET CLASSIFICATION MODEL FOR INTRUSION DETECTION AND ANALYSIS
G. Bala Krishna, D. Sandhya Rani
Aurora's Scientific, Technological and Research Academy (Hyderabad, Andhra Pradesh) (INDIA)
Network-based computer systems play an increasingly vital role in modern society and have become targets for hackers and intruders. The security of a computer system is compromised when an intrusion takes place. An intrusion can be defined as "any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource". Intrusion prevention techniques such as user authentication, avoiding programming errors and information protection (e.g., encryption) are not sufficient on their own, because as systems become ever more complex there will always be exploitable weaknesses in them. Intrusion detection is therefore needed as a second line of defence for computer systems.
Intrusion detection is used as a countermeasure to preserve data integrity and system availability against different types of attacks. Data mining is used here to clean, classify and examine large amounts of network data and to correlate common violations for intrusion detection. The main reason for applying data mining techniques to intrusion detection is to reduce the volume of raw data that has to be examined.
Clustering is used to determine the intrinsic grouping in a set of unlabeled packets, using the following packet attributes as classification features:
• Source and destination IP address/network
• Network protocol (IP, ICMP, ...)
• Application protocol (distinguished by port number)
• Protocol options
• Content (size, type, characteristic strings, ...)
• Other features (sequence number, TCP flags, TTL, ...)
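The example below is added here to make the feature list concrete; it is not code from the paper or its authors. It parses the attributes listed above (addresses and /24 network, protocol, ports, option presence, size, characteristic strings, sequence number, flags, TTL) out of raw IPv4/TCP headers, correlates them per source host, and groups hosts with a plain k-means, which is one of several clustering choices. The sample packets, the SIGNATURES pattern list and the /24 prefix are assumptions constructed for the example; the per-host ratios were chosen because a scanner's SYN and a legitimate client's SYN are indistinguishable as single packets.

```python
"""Added example (not the paper's code): parse the packet attributes the
paper lists from raw IPv4/TCP headers and group source hosts by k-means.
Assumptions: IPv4 + TCP only, no option parsing beyond header lengths,
constructed sample packets, and an assumed SIGNATURES pattern list."""
import ipaddress
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08
SIGNATURES = (b"/etc/passwd", b"../")  # assumed "characteristic strings"


def build_packet(src, dst, sport, dport, seq, flags, ttl, payload=b""):
    """Build a minimal IPv4 + TCP packet with no options (constructed data)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                         ttl, 6, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                          (5 << 12) | flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def extract_features(pkt):
    """Parse the header and content fields the paper lists as attributes."""
    (ver_ihl, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    src_ip = ipaddress.IPv4Address(src)
    f = {"src": str(src_ip), "dst": str(ipaddress.IPv4Address(dst)),
         "src_net": str(ipaddress.ip_network(f"{src_ip}/24", strict=False)),
         "proto": proto, "ttl": ttl, "ip_options": ihl > 20, "size": total_len,
         "sport": None, "dport": None, "seq": None, "flags": 0,
         "tcp_options": False, "payload_len": 0, "sig_match": False}
    if proto == 6:  # TCP: application protocol is distinguished by port
        (sport, dport, seq, _, off_flags, _, _,
         _) = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
        doff = (off_flags >> 12) * 4
        payload = pkt[ihl + doff:total_len]
        f.update(sport=sport, dport=dport, seq=seq, flags=off_flags & 0x1FF,
                 tcp_options=doff > 20, payload_len=len(payload),
                 sig_match=any(s in payload for s in SIGNATURES))
    return f


def source_profile(features):
    """Correlate per source host: a scanner's SYN and a client's SYN look the
    same per packet, so the grouping works on per-host ratios instead."""
    by_src = {}
    for f in features:
        p = by_src.setdefault(f["src"], {"n": 0, "syn": 0, "ports": set(),
                                         "data": 0, "sig": 0})
        p["n"] += 1
        p["syn"] += f["flags"] == SYN
        p["ports"].add(f["dport"])
        p["data"] += f["payload_len"] > 0
        p["sig"] += f["sig_match"]
    # (distinct-port ratio, SYN-only ratio, payload-bearing ratio, signature hit)
    return {s: (len(p["ports"]) / p["n"], p["syn"] / p["n"], p["data"] / p["n"],
                min(p["sig"], 1)) for s, p in by_src.items()}


def kmeans(points, k=2, rounds=20):
    """Plain k-means over the profile vectors; seeds are the first k hosts."""
    hosts = list(points)
    cents = [points[h] for h in hosts[:k]]
    for _ in range(rounds):
        assign = {h: min(range(k), key=lambda c: sum(
            (x - y) ** 2 for x, y in zip(points[h], cents[c]))) for h in hosts}
        for c in range(k):
            members = [points[h] for h in hosts if assign[h] == c]
            if members:
                cents[c] = tuple(sum(v) / len(members) for v in zip(*members))
    return assign


def sample_packets():
    """Constructed traffic: one port sweep and two HTTP clients."""
    srv = "192.168.1.10"
    pkts = [build_packet("10.0.0.5", srv, 40000 + i, port, 0x1000, SYN, 42)
            for i, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
    pkts += [build_packet("10.0.0.7", srv, 51000, 80, 1, SYN, 64),
             build_packet("10.0.0.7", srv, 51000, 80, 2, ACK, 64),
             build_packet("10.0.0.7", srv, 51000, 80, 2, PSH | ACK, 64,
                          b"GET / HTTP/1.0\r\nHost: srv\r\n\r\n"),
             build_packet("10.0.0.7", srv, 51000, 80, 33, ACK, 64)]
    pkts += [build_packet("10.0.0.9", srv, 52000, 80, 1, SYN, 64),
             build_packet("10.0.0.9", srv, 52000, 80, 2, ACK, 64),
             build_packet("10.0.0.9", srv, 52000, 80, 2, PSH | ACK, 64,
                          b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")]
    return pkts


def analyse(pkts):
    """Return (per-host profile, cluster id per host, hosts with content hits)."""
    feats = [extract_features(p) for p in pkts]
    prof = source_profile(feats)
    return prof, kmeans(prof), sorted(s for s, v in prof.items() if v[3])
```

Calling `analyse(sample_packets())` places the sweeping host in a cluster of its own (high distinct-port and SYN-only ratios) and the two web clients together, while the content feature separately flags the client whose request carried one of the assumed patterns. Seeding k-means with the first k hosts keeps the run deterministic but is only acceptable for a demonstration; on real traffic the features would need scaling and the number of clusters would have to be chosen from the data.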
The model described in this paper can form the intrusion detection component of a larger secure system.