Abstract: This article presents a anomaly detection method based on correlation eigen matrix and neural network. The method first creates a profile defining a normal user's behavior, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or not. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the (PCA) method. The neural network is used to distinguish valid user or intruder after training procedure has been completed by unsupervised learning and supervised learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%, which is consistent with the best results reports in the literature for the same data set and testing paradigm.