An intrusion detection system is a security attack detection/prevention mechanism, it can be implemented into the software module or hardware module for the purpose of monitoring the systems or network for malicious activities. IDS can be categorized by monitoring resources to Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS). HIDS are deployed to monitor local activities on the specific machine; on the other hand, NIDS placed into the central point on the network such as firewall to monitor network traffic. IDS also can be categorized depending on the detection method for anomaly and misuse (signature).In this paper, we implement a hybrid implementation of IDS using Holt-winter anomaly algorithm and signature-based approach. Furthermore, a case study using Holt-winter anomaly based and signature misuse based schemes will be implemented and analyzed, finally, the result of the experiment will be shown.