The invention discloses a classifying fusion intrusion detection method based on novel discovery and a window function, which mainly solves the problems of low detection rate and high complexity of the prior support vector machine classifying method. The method is realized by the following steps: (1) acquiring data sets of mainframe network behaviors, and processing the data sets to obtain a characteristic vector; (2) selecting normal data sets of non-intrusion behaviors as training sample sets, and training to generate a first classifier; (3) acquiring data sets again, calculating a decision function f, and converting the decision function f into a probability estimation form; (4) training a second classifier by a PARZEN window function method; (5) performing probability density distribution estimation on the data sets in step 3, and setting a probability density threshold according to a Bayesian decision; (6) performing weighted fusion on output results of the first classifier and the second classifier; and (7) performing early warning or repeating the step (3) on the network behaviors according to a result y(x) of the weighted fusion. The classifying fusion intrusion detection method has the advantages of high detection rate and low false alarm rate, and is suitable for network intrusion detection.