Insiders pose a serious threat to the security of computer systems and computational infrastructures. There are two general types of malicious insiders: masqueraders who operate under another legitimate user's ID, and misfeasors who are authorized to use the information system but abuse their privileges. Anomaly detection is a typical approach to detecting an insider's misuses, based on the assumption that insider misuses are unusual activities that departs from a normal user profile. However, the success of anomaly detection has been limited due to its unsatisfying performance, mainly the high rate of false alarms caused by "concept drift." We present our user behavior level anomaly detection framework, based on the theory of the Evolving Fuzzy Neural Network. Multiple and heterogeneous data are integrated to build user behavior profiles, and adaptive learning techniques are employed to reduce the false alarm rate. We detail our preliminary experiments with the Windows NT user profiling data and discuss the directions for future research.