41 higher-level derived features were presented by Stolfo et al that help in distinguishing normal connections from attacks. Numerous researchers employed these features to study the utilization of machine learning for intrusion detection and reported detection rates up to 91% with false positive rates less than 1%. Unfortunately, with these 41 derived features as inputs, IDS systems take long time to converge when training and work slowly during on-line detections. We reduced the number of inputs while keeping IDS systems high detection rates. After simulation, analysis and experiment, we reduce the input number to 18, get a “best” architecture, i.e. 18-36-1, of BP neural network for IDS systems. Furthermore, we find an appropriate training function, i.e. trainbfg, for our “best” architecture.