Abstract: In order to improve the security of the system, make the fuzzy clustering Linux system anomaly intrusion detection mode, through the network information classification the dynamic test, can reduce the intrusion detection miss rate, dynamic to detect the network data flow under the condition of the invasion of the larger program, avoid the traditional way of intrusion detection.It is proved by experiment based on fuzzy clustering of intrusion detection means to be able to quickly and accurately, to detect the invasion and procedures to ensure the Linux system system security.