
AN APPLICATION OF NEURAL NETWORKS IN ANOMALY AND MISUSE DETECTION FOR INTRUSION DETECTION SYSTEM

Advisor: 虞台文

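Abstract


Most current intrusion detection systems are rule-based. Although this approach can detect known attacks, its rules must be updated to handle new attacks. Moreover, rule-based detection may fail to detect the same attack when it differs only slightly from the rule, and some more advanced attack techniques can evade detection by the system. The intrusion detection system in this study uses a self-organizing map (SOM) neural network to learn the features of normal network behavior and of network attack behavior. Unlike typical rule-based detection systems, which match strings in packets, it extracts feature vectors from the TCP header of network packets for identification. Known attack types can be classified in real time, which increases detection speed and shortens response time; unknown abnormal network behavior can also be detected and retained for later analysis. In addition, the attacks analyzed in the experiments are not limited to attacks on particular services such as HTTP and FTP; a variety of common attack types are selected for testing, in order to analyze the system's detection rate for most attack types.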

Parallel Abstract


Current intrusion detection systems are generally rule-based. Although this method can effectively detect attacks, it is necessary to frequently update their rules to cope with new attacks. Additionally, this detection method may not detect attacks that are slightly different from the ones specified by rules, and there are more advanced attack techniques that can evade the system’s monitoring. The intrusion detection system of this study uses SOM neural networks to learn the distinguishable features of normal network behaviors and Internet attacks, separately. Different from rule-based intrusion detection systems that use the method of packet string matching, our method extracts feature vectors from the TCP header of network packets for attack identification. For the known types of attack, the proposed method is able to make classification efficiently. For unknown ones, it is possible to detect them and then use them for later analysis. Additionally, the attacks analyzed in this study are not limited to web services, e.g., the attacks of HTTP and FTP. Namely, this study selects the common types of attack for testing. Hence, we are able to analyze the detection rates for each attack type in this intrusion detection system.

Parallel Keywords

SOM; IDS; anomaly detection; misuse detection

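Cited By


林濟斌 (2008). A Study of a Back-Propagation Neural Network Intrusion Detection System for MANET Environments [Master's thesis, National Pingtung University of Science and Technology]. Airiti Library. https://doi.org/10.6346/NPUST.2008.00143
吳繼澄, 張育睿 (2013). A Network Anomaly Detection System Based on MEWMA Control Charts. 商業現代化學刊, 7(2), 259-280. https://doi.org/10.6132/JCM.2013.7.2.14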
