This work proposes an Intrusion Detection Model (IDM) for detection of intrusion attempts caused by worms. The proposal is a hybrid IDM since it considers features of both network packets and host that are sensitive to worms. The proposed HybD (Hybrid Dataset) dataset, which is composed of the 10% KDD'99 (Knowledge Discovery in Databases) dataset features and the suggested host-based features, is used to build and test the proposed model. Both of misuse and anomaly detection approaches are used. The hybrid IDM has been designed using Data Mining (DM) methods that for their ability to detect new intrusions accurately and automatically, also it can process large amount of data, and it is more likely to discover the ignored and hidden information. Interactive Dichotomizer 3 classifier (ID3) and Naïve Bayesian Classifier (NB) are used to build and verify the validity of the proposed model in term of classifier accuracy. The results of implementing the proposed model show that accuracy of NB classifier is generally higher than that of ID3 classifier with the four sets of features.