Abstract: Traditional network intrusion detection methods have a low detection rate and cannot detect intrusions online. Therefore, a network intrusion detection method based on Mahalanobis distance and HMM is proposed. First, the intrusion detection system framework is described. Then, using the Mahalanobis distance as the evaluation function, an improved K-means algorithm with adaptive growth of nodes is introduced to obtain the clusters, from which the posterior probability of samples belonging to each intrusion type is obtained. This probability is used to initialize the distribution, the state transition probability and the observation probability, and the forward and backward evaluation rules are used to train the HMM, yielding the HMM detection model. A sample can then be input to all the models, and the model with the largest probability gives the final attack type. The simulation experiment shows that the method proposed in this paper can effectively realize intrusion detection: it has a higher detection rate as well as a lower error detection rate and missed detection rate, and it is an effective intrusion detection method.
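The detection step described above (map each sample to its nearest cluster by Mahalanobis distance, score the resulting sequence against every HMM, take the model with the largest probability) can be sketched as follows. This is an added example, not the paper's code: the 2-D features, the cluster parameters, the hand-set HMM parameters and the labels "normal" and "dos" are all constructed assumptions, and the K-means clustering and forward-backward training stages are not shown.

```python
import math

def mahalanobis(x, mean, cov):
    """Mahalanobis distance of a 2-D point from a cluster (mean, 2x2 covariance)."""
    (a, b), (c, d) = cov
    det = a * d - b * c
    if det <= 0:
        raise ValueError("covariance must be positive definite")
    dx, dy = x[0] - mean[0], x[1] - mean[1]
    # diff^T * inv(cov) * diff, with inv(cov) = [[d, -b], [-c, a]] / det
    return math.sqrt((dx * (d * dx - b * dy) + dy * (a * dy - c * dx)) / det)

def quantize(x, clusters):
    """Observation symbol = index of the nearest cluster by Mahalanobis distance."""
    return min(range(len(clusters)), key=lambda k: mahalanobis(x, *clusters[k]))

def log_likelihood(obs, pi, A, B):
    """Scaled forward algorithm: log P(obs | HMM with parameters pi, A, B)."""
    n, logp = len(pi), 0.0
    alpha = [pi[i] * B[i][obs[0]] for i in range(n)]
    for t in range(len(obs)):
        if t > 0:
            alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][obs[t]]
                     for j in range(n)]
        scale = sum(alpha)
        if scale == 0.0:
            return float("-inf")  # sequence impossible under this model
        logp += math.log(scale)
        alpha = [v / scale for v in alpha]  # rescale to avoid underflow
    return logp

def classify(window, clusters, models):
    """Score the window against every model; the highest likelihood wins."""
    obs = [quantize(x, clusters) for x in window]
    scores = {name: log_likelihood(obs, *params) for name, params in models.items()}
    return max(scores, key=scores.get), scores

# Constructed values (assumptions): two clusters and two hand-set HMMs.
CLUSTERS = [((1.0, 1.0), ((1.0, 0.0), (0.0, 1.0))),
            ((8.0, 2.0), ((4.0, 0.0), (0.0, 0.25)))]
MODELS = {  # name: (pi, A, B)
    "normal": ([0.9, 0.1], [[0.9, 0.1], [0.5, 0.5]], [[0.9, 0.1], [0.6, 0.4]]),
    "dos": ([0.5, 0.5], [[0.5, 0.5], [0.1, 0.9]], [[0.5, 0.5], [0.1, 0.9]]),
}
BURST = [(7.5, 2.1), (9.0, 1.8), (4.0, 2.0), (8.2, 2.3)]  # constructed window

if __name__ == "__main__":
    print(classify(BURST, CLUSTERS, MODELS))
```

The point (4.0, 2.0) is closer to the first cluster in Euclidean terms but closer to the second under Mahalanobis distance, because the second cluster has a wide spread along the first feature.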