In this paper the authors present a method for detecting network intrusion using combination of reinforcement learning and testing hypothesis for observing anomalies in network behavior. This solution is based on building network traffic characteristics using Q-Iearning and analyzing deviation of cu"ent network properties from its nonnal behavior. Because network behaviors have been observed in the long run, the learning process will be decision problem in finite horizon and has non-stationary properties. The combination of Q-Iearning algorithm with Kolmogorov-Smirnov test is used in implementation of the system because of its simplicity and efficiency. For building stable network characteristics, the authors must observe its behaviors in the long run. This combination method shows effectiveness to detection of some DDoS attacks, internet wonns and port scanning attacks. Experimental resuUs on UDP Flood and Smurf are presented.