Intrusion　detection　aims　to　detect　intrusion　behavior　and　serves　as　a　complement　to　firewalls.　It　can　detect　attack　types　of　malicious　network　communications　and　computer　usage　that　cannot　be　detected　by　idiomatic　firewalls.　Many　intrusion　detection　methods　are　processed　through　machine　learning.　Previous　literature　has　shown　that　the　performance　of　an　intrusion　detection　method　based　on　hybrid　learning　or　integration　approach　is　superior　to　that　of　single　learning　technology.　However,　almost　no　studies　focus　on　how　additional　representative　and　concise　features　can　be　extracted　to　process　effective　intrusion　detection　among　massive　and　complicated　data.　In　this　paper,　a　new　hybrid　learning　method　is　proposed　on　the　basis　of　features　such　as　density,　cluster　centers,　and　nearest　neighbors　(DCNN).　In　this　algorithm,　data　is　represented　by　the　local　density　of　each　sample　point　and　the　sum　of　distances　from　each　sample　point　to　cluster　centers　and　to　its　nearest　neighbor.　k-NN　classifier　is　adopted　to　classify　the　new　feature　vectors.　Our　experiment　shows　that　DCNN,　which　combines　K-means,　clustering-based　density,　and　k-NN　classifier,　is　effective　in　intrusion　detection.