Real-time Defense System against Insider Attacks Using User Behavior Analytics and Evolving Cluster

2019
Volume 5
Issue 1
King Khalid University Journal of Basic and Applied Sciences

Significant incidents have happened recently, e.g., millions of email accounts were stolen, private information leaked from social media portals, and crucial data from institutions was held for ransom. For years, system administrators were not aware that there were intruders inside the network. These incidents happened due to the lack of intelligent tools to monitor user behavior in the internal network. In addition, accuracy is still a challenge in existing detection systems. This paper presents an intelligent system for detecting user behavior anomalies/malware that adopts user behavior analytics and an evolving clustering method to improve detection accuracy. A prototype of the proposed system has been built, and experiments were conducted on real traffic on the network of the College of Computer Science and Information Technology, Albaha University. The experimental results show that the proposed system achieves better clustering results and a high percentage of accuracy.
