Abstract: This study designs an intrusion detection expert system with fact-base(FIDES) which includes some important files and directories that are vulnerable to certain types of attack scenarios. FIDES matches and categorizes audit data with fact-base component. Inference component of FIDES adopts misuse detection techniques or anomaly detection technique for different audit data according to the result of categorization. The experiments show that FIDES could estimate the unknown user activity accurately and the False Negative Rate and the False Positive Rate have been reduced effectively.