Abstract: An adaptive resonance theory neural network based intrusion detection approach is proposed. The approach processes both network-based and host-based data. After analyzing both the spatial and temporal associate relationship between intrusion behaviors, the approach processes the associate information of intrusion feature data to detect effectively the associate relationship between intrusion behaviors. With the abilities of self-learning and self-organization, with better stability-plasticity tradeoff and the capability of quick recognition of the adaptive resonance theory, the approach can be used to detect user behaviors in real-time, achieving good performance, especially in the recognition of unknown attacks.