Design of Hybrid Intrusion Detection Model Utilizing Information Gain Rate

Abstract: Existing hybrid intrusion detection models select features only qualitatively, which leads to low detection accuracy. To address this, and to fully combine the advantages of the misuse detection model and the anomaly detection model, we propose a hybrid intrusion detection model that utilizes the information gain rate. First, we use the information gain rate to quantitatively select the feature subset and retain as much sample information as possible. Second, we use a cosine time-varying particle swarm optimization algorithm to determine the support vector machine (SVM) parameters and construct the misuse detection model, which better balances the particles' global and local search abilities. Then, we use the gray wolf optimizer to determine the parameters of the one-class SVM and construct the anomaly detection model, which improves the efficiency and fineness of the search for optimal parameters and, overall, improves the hybrid model's detection of attacks. Finally, simulation experiments on two datasets show that the proposed hybrid intrusion detection model has better detection performance than the existing methods.
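The feature-selection step described in the abstract can be illustrated with the following added example, which is not code from the paper. It assumes the standard C4.5 definition of gain ratio (information gain divided by split information); the feature names, the records and the 0.5 threshold are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(items):
    """Shannon entropy (bits) of a sequence of discrete values."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())

def gain_ratio(values, labels):
    """Information gain of a discrete feature divided by its split information."""
    n = len(labels)
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[v].append(y)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    split_info = entropy(values)   # entropy of the feature's own value distribution
    if split_info == 0:            # constant feature: nothing to split on
        return 0.0
    return (entropy(labels) - conditional) / split_info

def rank_features(records, label_key="label"):
    """Return [(feature, gain_ratio)] sorted from most to least informative."""
    labels = [r[label_key] for r in records]
    feats = [k for k in records[0] if k != label_key]
    scores = {f: gain_ratio([r[f] for r in records], labels) for f in feats}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def select_features(records, threshold, label_key="label"):
    """Keep features whose gain ratio reaches the (hypothetical) threshold."""
    return [f for f, s in rank_features(records, label_key) if s >= threshold]

# Constructed, already-discretized connection records (not from any real dataset).
ROWS = [("tcp", "S0", "attack"), ("tcp", "S0", "attack"), ("tcp", "S0", "attack"),
        ("udp", "S0", "attack"), ("tcp", "SF", "normal"), ("udp", "SF", "normal"),
        ("udp", "SF", "normal"), ("udp", "SF", "normal")]
SAMPLE = [{"protocol": p, "flag": f, "conn_id": i, "land": 0, "label": y}
          for i, (p, f, y) in enumerate(ROWS)]

if __name__ == "__main__":
    for name, score in rank_features(SAMPLE):
        print(f"{name:10s} {score:.3f}")
    print("selected:", select_features(SAMPLE, threshold=0.5))
```

The unique `conn_id` column has the same raw information gain as `flag`, but dividing by its split information lowers its score, which is why a ratio is preferable to plain information gain when ranking features.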

     
