I. Introduction
In cyber security, the determination of threat possibilities in intrusion detection is always a challenging issue. Many works pay their effort in exploration [1]In recent years, large scale and pervasive data are accessible on Internet, which inspires researches to achieve the automation process.