Abstract: Clustering is one of the promising techniques used in Anomaly Intrusion Detection (AID) especially to detect unknown patterns. Two factor influence accuracy IDS using this technique: clustering and labelling algorithm. Fuzzy Adaptive Resonance Theory (Fuzzy ART) is well known algorithm for high accuracy but has high false-alarm rate, while Normal Membership Factor (NMF) is a good labelling algorithm for IDS, but preliminary experiments found that many clusters are labelled incorrectly. Therefore this paper proposed a new labelling algorithm known as Similarity Normal Cluster (SNC) and improved the Fuzzy ART clustering technique using K means. The SNC uses fundamental assumption of NMF, but similarity is measured based on the percentage of similarity among the regular clusters, using the Euclidean distance repeatedly in the cluster and ensuring that all clusters are measured. The performance of the proposed labelling algorithm is evaluated by comparing it with the NMF and with Fuzzy ART and Fuzzy ART with Euclidean ART respectively. The experiment is conducted using 10 data sets collected from the NSL-KDD dataset. The result shows that SNC always deliver better results than NMF whilst Fuzzy Art with SNC obtained the best combination result compare to others.