There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changed to IDSs are expensive and slow. However, the data mining techniques in discovering behavior features have a big advantage. In this models, first features and rules from the training data are extracted, then using these rules to detect new intrusion, by using this means, updating rules and system will be more faster and cheaper. The diction rate is high, the result proves that using data mining technology for building Intrusion Detection System is feasible and availably.