High false alarm rate and time-space cost of rule extraction and detection limit the application of machine learning in real intrusion detection system (IDS), and IDS cannot satisfy most system performance requirements simultaneously. In this paper, a Constraint-based gene expression programming rule extraction algorithm (CGREA) is proposed which guarantees the validity of rules and reduces the evolution time through grammar constraint and probability restriction. Additionally, an adaptive intrusion detection engine (AIDE) is applied to automatically renew the detected order of rules according to the performance metric. The KDD CUPpsila99 DATA is used for evaluation and results show that the rules, which are extracted by the CGREA algorithm within a few evolution generations, can not only achieve high detection rate but also detect unknown attacks. Moreover, the AIDE based on CGREA increases the attack detection rate, and adapts itself to different performance requirements with different sequences of rule detection.