IJCATR Volume 13 Issue 1

Alert Correlation Model Based on Hybrid Machine Learning Techniques to Enhance the Performance of NIDS

Joseph Mbugua, Enoch Mogendi
10.7753/IJCATR1301.1003
Keywords: Alert Correlation, Machine Learning, Model, Performance, Intrusion Detection.

There are obstacles to developing an effective intrusion detection system in this modern digital world. This work proposes a three-level model for developing an NIDS that offers multiple types of correlation. In the first level, several existing feature selection techniques (Correlation Feature Selection, Information Gain and Chi-square) are integrated to find the best set of features used in this work. The second level enhances the structural alert correlation model based on Expectation Maximization (EM) to improve the quality of alerts and the detection capability by grouping alerts with common attributes. Then an anomaly classification module is designed in the third level based on the fusion of five heterogeneous classifiers, Support Vector Machine (SVM), Instance Based Learners (IBL), Random Forest, J48 and Bayes Net, using Voting as a multi-classifier. The NSL-KDD dataset is used in this experiment. The overall detection rate is 99.9%, the false error rate 0.1% and the execution time 1340.7 seconds. This shows that HAC is effective and practical in providing complete correlation even on the high-dimensional, large-scale and low-quality datasets used in intrusion detection systems.
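The following is an added illustration of two of the three stages the abstract describes, not code from the paper or its authors: ranking binary alert attributes by Information Gain and Chi-square (first level) and fusing heterogeneous learners by majority voting (third level). The alert table, the attribute meanings and the three simple learners (a 1-nearest-neighbour instance-based learner, a Laplace-smoothed naive Bayes and a one-level decision stump standing in for the paper's SVM, IBL, Random Forest, J48 and Bayes Net) are all constructed assumptions; the EM-based correlation stage is not reproduced.

```python
"""Feature ranking and voting fusion on a constructed alert table (added example)."""
import math
from collections import Counter

# Constructed alert records: (binary attribute vector, label). Attributes stand in
# for alert fields such as "same source host", "same destination port",
# "high connection count", "SYN flag"; label 1 = attack, 0 = normal.
ALERTS = [
    ((1, 1, 1, 0), 1), ((1, 1, 0, 1), 1), ((1, 1, 1, 1), 1),
    ((1, 0, 1, 0), 1), ((1, 0, 0, 1), 1),
    ((0, 0, 0, 0), 0), ((0, 0, 1, 1), 0), ((0, 1, 0, 0), 0),
    ((0, 0, 1, 0), 0), ((0, 0, 0, 1), 0),
]


def entropy(labels):
    """Shannon entropy (bits) of a label list."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values() if c)


def information_gain(rows, f):
    """Entropy reduction obtained by splitting the rows on binary attribute f."""
    total = entropy([y for _, y in rows])
    weighted = 0.0
    for v in (0, 1):
        subset = [y for x, y in rows if x[f] == v]
        if subset:
            weighted += len(subset) / len(rows) * entropy(subset)
    return total - weighted


def chi_square(rows, f):
    """Chi-square statistic of the 2x2 table between attribute f and the label."""
    n = len(rows)
    obs = Counter((x[f], y) for x, y in rows)
    fcount = Counter(x[f] for x, _ in rows)
    lcount = Counter(y for _, y in rows)
    stat = 0.0
    for v in (0, 1):
        for y in (0, 1):
            expected = fcount[v] * lcount[y] / n
            if expected:
                stat += (obs[(v, y)] - expected) ** 2 / expected
    return stat


def select_features(rows, k):
    """Top-k attribute indices, ranked by information gain then chi-square."""
    nf = len(rows[0][0])
    ranked = sorted(range(nf), reverse=True,
                    key=lambda f: (information_gain(rows, f), chi_square(rows, f)))
    return ranked[:k]


def _project(x, feats):
    return tuple(x[f] for f in feats)


def nearest_neighbour(train, feats, x):
    """Instance-based learner: label of the closest training alert (Hamming distance)."""
    px = _project(x, feats)
    best = min(train, key=lambda r: sum(a != b for a, b in zip(_project(r[0], feats), px)))
    return best[1]


def naive_bayes(train, feats, x):
    """Bayesian learner with Laplace smoothing over the selected attributes."""
    scores = {}
    for y in (0, 1):
        rows = [r for r in train if r[1] == y]
        p = len(rows) / len(train)
        for f in feats:
            p *= (sum(1 for r in rows if r[0][f] == x[f]) + 1) / (len(rows) + 2)
        scores[y] = p
    return max(scores, key=scores.get)


def decision_stump(train, feats, x):
    """One-level tree on the top-ranked attribute: majority label of matching rows."""
    labels = [r[1] for r in train if r[0][feats[0]] == x[feats[0]]]
    return Counter(labels).most_common(1)[0][0] if labels else 0


def majority_vote(votes):
    """Plain majority fusion of the individual classifier outputs."""
    return 1 if sum(votes) * 2 > len(votes) else 0


def ensemble_predict(train, feats, x,
                     learners=(nearest_neighbour, naive_bayes, decision_stump)):
    """Classify one alert by voting over the heterogeneous learners."""
    return majority_vote([learn(train, feats, x) for learn in learners])


if __name__ == "__main__":
    feats = select_features(ALERTS, 2)
    print("selected attributes:", feats)
    for alert in ((1, 1, 0, 0), (0, 0, 1, 1)):
        print(alert, "->", ensemble_predict(ALERTS, feats, alert))
```

On the constructed table the first attribute separates the classes perfectly (information gain 1.0, chi-square 10.0) and is selected together with the second; the voting stage then agrees on a label even when one of the simple learners alone would be weak.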
@article{j1312024ijcatr13011003,
Title = "Alert Correlation Model Based on Hybrid Machine Learning Techniques to Enhance the Performance of NIDS",
Journal = "International Journal of Computer Applications Technology and Research (IJCATR)",
Volume = "13",
Issue = "1",
Pages = "9 - 18",
Year = "2024",
Authors = "Joseph Mbugua, Enoch Mogendi"}