Abstract：An intrusion detection system with multi detection engines could overcome the limitations of one with a single detection engine. But up to now, the methodology dealing with network attacks lacks theoretical guidelines for the partition of the inference function. From the detector's point of view, this paper proposes a detection-centered methodology dealing with network attacks. Network attacks can, therefore, be divided into five categories: character string attack, overflow attack, repeating attack, multi-step attack and multi-stage attack. An intrusion detection system with isomerous detection engines is built on that basis. Experiments show that it can avoid the deficiencies of existing detection methods.