Intrusion detection systems (IDS) are useful tools that help security administrators in the developing task to secure the network and alert in any possible harmful event. IDS can be classified either as misuse or anomaly, depending on the detection methodology. Where Misuse IDS can recognize the known attack based on their signatures, the main disadvantage of these systems is that they cannot detect new attacks. At the same time, the anomaly IDS depends on normal behaviour, where the main advantage of this system is its ability to discover new attacks. On the other hand, the main drawback of anomaly IDS is high false alarm rate results. Therefore, a hybrid IDS is a combination of misuse and anomaly and acts as a solution to overcome the disadvantages of these two methods. In this paper, a new hybrid IDS is proposed based on the RNA encoding idea and applying the K-means clustering algorithm. Firstly, choosing random records for both training and testing. Secondly, propose RNA encoding by calculating all possible record values within dataset and generating RNA characters for each value, then dividing it into blocks. The third step is done by searching and extracting normal keys based on the most repeated blocks, and the same procedure is applied to extract the attack keys. Finally, the Kmeans clustering method is used to classify the testing records based on extracted keys. The proposed method is evaluated by calculating the detection rate (DR), false alarm rate (FAR), and accuracy, where the achieved DR, FAR, and accuracy are equal to 91.13%, 0.46%, and 92.02% respectively. Based on the achieved results, it can be said that the proposed hybrid IDS has high DR and accuracy results, can detect new attacks, and can solve the problem of anomaly IDS by getting a low false alarm rate result.