Artificial intelligence has been developed to be able to solve difficult problems that involve huge amounts of data and that

require rapid decision-making in most branches of science and business. Machine learning is one of the most prominent

areas of artificial intelligence, which has been used heavily in the last two decades in the field of network security, especially

in Intrusion Detection Systems (IDS). Pattern recognition is a machine learning method applied in medical applications,

image processing, and video processing. In this article, two layers’ IDS is proposed. The first layer classifies the network

connection according to the used service. Then, a minimum number of features that optimize the detection accuracy of

malicious activities on that service are identified. Using those features, the second layer classifies each network connection as

an attack or normal activity based on the pattern recognition method. In the training phase, two multivariate normal statistical

models are created: the normal behavior model and the attack behavior model. In the testing and running phases, a maximum

likelihood estimation function is used to classify a network connection into attack or normal activity using the twomultivariate

normal statistical models. The experimental results prove that the proposed IDS has superiority over related IDSs for network

intrusion detection. Using only four features, it successfully achieves DR of 97.5%, 0.001 FAR, MCC 95.7%, and 99.8%

overall accuracy.