As computer networks expand, attacks and intrusions into these networks have increased. In addition to firewalls and other intrusion prevention equipment, other systems, such as IDS (Metrics), are designed to provide enhanced security in computer systems, including the purpose of monitoring intrusive and intrusive activities. Intrusive allocation system can be considered effective if the high intrusion rate is slightly misleading, and in this article a new way to classify it is abnormal (infiltration) in the host or network. UNSW‐NB15 and KDD‐Cup'99 Datasets Introducing Random Forest and PSO algorithm. In this paper, training data and label data used with the random forest algorithm. After creating a random forest algorithm, provide test data. We use the data stored in train step, which is actually a copy of the data, so that when performing the test step, the same training data can be compared with categorize using a PSO algorithm. In in order to show the accuracy of the proposed method, an example of the confusion matrix formed in the code that showed performance of all methods and modes studied is compared based on accuracy and time that the PSO algorithm has always been able to take less time, which is quite acceptable and predictable. Improves correct diagnosis of correct detection rate in that report was 75.94% and in the proposed method in this article it reached 97%. With the proposed method, learning speed has been greatly increased and accuracy is acceptable.