Evolving Clusters for Network Intrusion Detection System Using Genetic-X-Means Algorithm
S.S.S. Sindhu,
Published in
2010
Volume: 19
Issue: 4
Pages: 204 - 212
Abstract
With the rapid growth of Internet communication and the availability of tools to intrude the network, an intrusion detection system (IDS) has become indispensable. Clustering algorithms utilize a distance metric to partition data points such that patterns within a single group share characteristics that differ from those in a different group. The proposed system builds a clustering engine using genetic-X-means that can assign each new event to a cluster to determine its type. This is in contrast to approaches used by existing clustering-based IDSs, which require the number of attack types in advance. Genetic-X-means handles recently evolving attacks by clustering them into their respective classes, and if an attack pattern deviates largely from the existing clusters, it is grouped into a new class. The genetic paradigm employs a weighted sum fitness function to choose the predominant features, which reveal the occurrence of intrusions. The weighted sum fitness function used here is dependent on the problem instance and not just on the problem class. As the data patterns include categorical attributes, an influence calculation formula that converts a categorical attribute to a numerical attribute is proposed. The experimental results obtained in this work show that the system attains an improvement in detection rate when compared to a conventional IDS. Experiments show that this system can be deployed in a real network or database environment for effective detection of both existing and new attacks. © Taylor & Francis Group, LLC.
About the journal
Journal: Information Security Journal
ISSN: 19393555