Because of the open structure of TCP / IP, the network is vulnerable to attack. In order to availably detect the intrusion, an intrusion detection system based on components is presented, and the implementation of it in Linux environment is made in combination with the development of NMS software. The system consists of manager console, analyzer, storage system, response system, network engine and host agent. By operating cooperatively and using the improved Boyer-Moore algorithm, the network intruding acts can be detected effectively and the information network security is defended.