
An Intrusion Detection System based on Hybrid Machine Learning for Software Defined Networks

Advisor: 莊博任

Abstract


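An Intrusion Detection System (IDS) [1] is the most common network security device. It inspects traffic entering the system for suspicious or threatening packets and raises an alert when it detects one. The most important component of an IDS is its data set of threat-packet features: the IDS relies on this data set to examine unknown packets, so it must know the features of an attack in advance in order to defend against it.

KDD CUP 1999 [2] is a public data set of known traffic containing normal traffic and various types of attack traffic, including the four most common attack types: DoS, Probe, U2R, and R2L. Machine learning is a common way to extract the features of each attack from the KDD CUP 1999 [2] data set: after training on the data set, it can accurately identify the features of each attack type. However, every machine learning algorithm has some minor shortcomings. For example, the K-means algorithm [3] is simple and has low complexity, so it runs fast, but its accuracy is somewhat lacking.

To improve on machine learning algorithms, some studies adopt hybrid machine learning algorithms, which use the strengths of different machine learning algorithms to offset one another's weaknesses. We reviewed three hybrid machine learning algorithms, each applied in a different research direction. We implement all three reference methods in an IDS, add our own method, and evaluate and compare them together using common evaluation metrics for machine learning algorithms.

In this thesis, we propose an improved method aimed at reducing computation time. For an IDS, raising accuracy certainly increases overall security, but network attacks change by the day. If the IDS spends too much time training on the data set, it may well find itself detecting an attack only after the host has already been attacked. We therefore consider speeding up detection to be a very important part of an IDS.

Experimental results confirm that our improved method not only greatly reduces detection time but also performs very well in accuracy. The improvement holds not only in a traditional network environment; in a Software Defined Network environment our method can even perform excellently. In addition, our method shows very good stability across different environments. These are the areas in which our method outperforms the reference methods.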

Parallel Abstract


The Intrusion Detection System (IDS) [1] is the most common network security device. It checks whether the traffic entering the system contains suspicious or threatening packets, and sends an alarm to the user when it detects one. The most important part of an Intrusion Detection System is the feature data set of threat packets. The Intrusion Detection System detects unknown packets by means of such a data set, so it needs to know the characteristics of an attack in advance in order to defend against it.

KDD CUP 1999 [2] is a public data set of known traffic, including normal traffic and various types of attack traffic. The attack traffic includes the four most common types of attacks: DoS, Probe, U2R, and R2L. Machine learning is a common way to sort out the characteristics of the various attacks from the KDD CUP 1999 [2] data set. Machine learning can be trained on the data set to accurately identify the characteristics of various attack patterns, but each machine learning algorithm has some minor defects. For example, the K-means algorithm [3] has a simple calculation process with low complexity, so it is fast, but its accuracy is slightly insufficient.

To improve machine learning algorithms, some studies use a Hybrid Machine Learning Algorithm, taking advantage of the strengths of different machine learning algorithms to compensate for their respective disadvantages. We refer to three hybrid machine learning algorithms, each used in a different research direction. We implement all three reference hybrid algorithms in an Intrusion Detection System, add our own hybrid algorithm, and evaluate and compare them together using common machine learning evaluation indicators.

In this paper, we propose an improved hybrid algorithm aimed at improving the calculation time. For the Intrusion Detection System, improving accuracy can increase overall security, but the types of network attack change with each passing day. If the Intrusion Detection System spends too much time on training, it is very likely to face the dilemma of detecting an attack only after the host has already been attacked. Therefore, we believe that decreasing detection time is also a very important part of the Intrusion Detection System.

The experimental results confirm that our improved hybrid algorithm not only improves the detection time but also performs excellently in accuracy. The improvement holds not only in the traditional network environment; in the environment of Software Defined Networks, our hybrid algorithm can even perform well. In addition, our hybrid algorithm has very good stability in different environments. These results show that our hybrid algorithm performs better than the reference hybrid algorithms.

References


[1] children16, “IDS (Intrusion Detection System).” [Online]. Available: http://sls.weco.net/node/10693.
[2] “KDD CUP 1999 Data.” [Online]. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[3] 陳鍾誠, “K-Means Clustering Algorithm.” [Online]. Available: http://ccckmit.wikidot.com/ai:kmeans.
[4] “Open Networking Foundation.” [Online]. Available: https://www.opennetworking.org/about/onf-overview.
[5] “Machine Learning: Using Python.” [Online]. Available: https://machine-learning-python.kspax.io.
