Abstract: In view of the lack of information about anomalous connections in anomaly detection approach,an anomaly detection model based on hybrid clustering and self organizing map(SOM) is proposed.Firstly,a clustering algorithm is proposed in order to detect anomalous connections,and then the SOM is applied to classifying the pre-detected anomalous connections,through which high level information about anomalous connections is acquired.Finally the experimental data are used for simulation.The experiment result shows that this model is effective,and can classify the detected anomalous connections and give more information about that connection from the category which it belongs to.The model has a high efficiency of the detection and classification with low false rate.