Abstract: In recent years, the types of network attacks have become more and more complex, and there are still some defects in the traditional network intrusion detection model, which makes it difficult to correctly classify each type of attack. This paper proposes a hierarchical network intrusion detection model based on the core vector machine. The first classifier and the second classifier took the characteristics of the data set as input, and classified the network traffic into attack or normal. The third classifier used the output of the first two classifiers and the characteristics of the initial dataset as input. The model aimed to correctly classify each attack and provide a low false positive rate and a high detection rate. Experimental results on NSL-KDD and UNSW-NB15 data sets demonstrate that the proposed model improves classification performance and has competitive advantages in accuracy, detection rate, false positive rate and time cost, compared with existing methods.