Application of Genetic Algorithms in Intrusion Detection

Research of Genetic Algorithm Applied to IDS

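  • Abstract (translated from the Chinese): This paper introduces two kinds of intrusion detection systems, model-inference-based and model-based, and proposes a new intrusion detection system architecture based on agent technology. The architecture addresses the drawbacks of traditional centralized intrusion detection systems by distributing task processing and data across the nodes of the network, making full use of network resources to carry out intrusion detection cooperatively. The paper then describes how a genetic algorithm is applied in this system: because prior knowledge of system security is embodied in the choice of the set of valuable feature attribute variables in the raw data, a genetic algorithm is used to optimize the selection of feature attribute subsets and to find a relatively optimal set of feature attribute variables, represented as a feature vector, in order to reduce the load on the intrusion detection system.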

     

    Abstract: This paper introduces the model-inference-based intrusion detection system and the model-based intrusion detection system, and presents a new kind of agent-based IDS that distributes data and tasks to the nodes of the network. The IDS can thus make the best use of the computing capability and resources of the network, which overcomes the shortcomings of the conventional centralized intrusion detection approach. The genetic algorithm applied to the IDS is introduced in detail. Because a priori knowledge of system security is embodied in the selection of the useful subset of attributes in the original data, this IDS uses the genetic algorithm to optimize feature subset selection and to find a relatively optimal subset of attributes expressed as a feature vector. The IDS uses data mining algorithms to extract key features of the system's runtime status from security audit data, and it uses the genetic algorithm to select the feature subset so as to reduce the amount of data that must be obtained from running processes and classified.
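The feature subset selection described in the abstract can be sketched as follows. This is an added example, not code from the paper: each individual is a bit vector over candidate audit attributes, and the fitness trades detection accuracy against the number of attributes a sensor must collect. The data set, the nearest-centroid classifier, the penalty weight and the GA operators (tournament selection, one-point crossover, bit-flip mutation, elitism) are all assumptions, since the abstract does not specify them.

```python
import random

N_FEATURES = 8         # candidate audit attributes (constructed)
INFORMATIVE = (2, 5)   # only these separate normal from intrusive records
PENALTY = 0.02         # assumed collection cost per selected attribute

def make_records(seed=0, n=40):
    """Constructed sample data: (attribute values, label), label 1 = intrusion."""
    rng = random.Random(seed)
    return [([rng.random() + (5.0 * label if i in INFORMATIVE else 0.0)
              for i in range(N_FEATURES)], label)
            for label in (0, 1) for _ in range(n)]

def accuracy(mask, records):
    """Nearest-centroid accuracy using only the attributes whose bit is set."""
    idx = [i for i, bit in enumerate(mask) if bit]
    if not idx:
        return 0.0
    cents = {}
    for lab in (0, 1):
        rows = [r for r, l in records if l == lab]
        cents[lab] = [sum(r[i] for r in rows) / len(rows) for i in idx]
    def dist(row, lab):
        return sum((row[i] - c) ** 2 for i, c in zip(idx, cents[lab]))
    hits = sum(min((0, 1), key=lambda lab: dist(r, lab)) == l for r, l in records)
    return hits / len(records)

def fitness(mask, records):
    # Reward detection accuracy, penalise every attribute that must be collected.
    return accuracy(mask, records) - PENALTY * sum(mask)

def select_features(records, seed=1, pop_size=24, generations=40):
    rng, cache = random.Random(seed), {}
    def fit(m):
        if m not in cache:
            cache[m] = fitness(m, records)
        return cache[m]
    pop = [(1,) * N_FEATURES] + [tuple(rng.randint(0, 1) for _ in range(N_FEATURES))
                                 for _ in range(pop_size - 1)]
    for _ in range(generations):
        nxt = [max(pop, key=fit)]                      # elitism keeps the best mask
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fit) for _ in range(2))  # tournaments
            cut = rng.randrange(1, N_FEATURES)         # one-point crossover
            nxt.append(tuple(bit ^ (rng.random() < 1 / N_FEATURES)       # bit-flip mutation
                             for bit in a[:cut] + b[cut:]))
        pop = nxt
    best = max(pop, key=fit)
    return best, fit(best)
```

Seeding the population with the all-attributes mask and keeping the elite means the returned subset never scores worse than collecting everything, so the baseline load is an upper bound.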

     
