Abstract: The self-learning ability of deep learning can realize the continuous updating and expansion of intrusion detection system, and enhance the prevention ability of intrusion detection system. At present, most of the network intrusion detection research based on deep learning has not considered the imbalance of data sets. In order to solve this problem, this paper proposed a method to classify the original network intrusion traffic by category recombination technique with Focal Loss function. The grayscale image generated by the original traffic was input into convolution neural network CNN for feature extraction and learning. The category recombination technique ensured the relative balance among attack categories in training set, and the Focal Loss function improved the attention of CNN model to complex samples by affecting the class weight. Experiments on three CNN models show that macro-f1 increases by 9.41%, 1.65%, and 4.39% respectively. The results show that this method can effectively deal with the problem of category imbalance in network intrusion detection, and significantly improve the recognition accuracy of minority samples.