Abstract.Computer networks are becoming more insecure and vulnerable to intrusions and attacks as they are increasingly accessible to users globally. To minimize possibility of intrusions and attacks, various intrusion detection models have been proposed. However, the existing procedures suffer high false alarm, not adequately adaptive, low accuracy and rigid. The detection performance deteriorates when behavior of traffic is changing and new attacks continually emerge. Therefore, the need to update the reference model for any given anomaly-based intrusion detection is necessary to keep up with these changes. Severe changes should be addressed immediately before the performance is compromised. Available updating approaches include dynamic, periodic and regulated. Unfortunately, none considers severity of changes to trigger the updating. This paper proposed an adaptive IDS model using regulated retraining approach based on severity of changes in network traffic. Therefore, retraining can be done as and when necessary. Changes are denoted by ambiguous decisions and assumed to reflect insufficient knowledge of classifiers to make decision. Results show that the proposed approach is able to improve detection accuracy and reduce false alarm.