Abstract
With the increase in network attacks, network information security has become an issue of global concern. The problem with mainstream intrusion detection systems is the huge volume of alarm information they generate and their high false positive rate. This paper presents a data mining technique to reduce the false positive rate and improve detection accuracy. The technique is an unsupervised clustering method based on a hybrid ANT algorithm; it can discover clusters of intruders' behavior without prior knowledge. We use the K-means algorithm to improve the convergence speed of the ANT clustering. Experimental results show that our proposed approach has a higher detection rate and a lower false alarm rate.