Abstract:
Following the basic rules set by MIT Lincoln Lab's IDS test, this paper establishes an experimental Linux host-based intrusion detection system (IDS) and puts forward a feasible intrusion feature set. The IDS uses evolutionary neural networks as its decision-making tool, extracts 29 features, and detects intrusions in real time. The experimental results demonstrate that the detection system is reasonably designed, that the extracted features are effective, and that the IDS can detect most known and unknown attacks.