There are different methods combining misuse and anomaly detection for intrusion detection. However, most of them consist of more than one basic models which complicate the learning process. In this paper, we present an effective intrusion detection method with low complexity on the basis of the end-to-end memory network to classify the network behavior data by taking advantage of domain knowledge. A matching module and a blending module are designed in our model to ensure that relevant knowledge items take effect in the classify module. Furthermore, additional output are provided with the detecting result as explainable reference information. Data pre-processing is done using data normalization and knowledge items about attacks are selected from the dataset. Experimental results show that the domain knowledge plays a positive role in the model and the proposed method has good performance on intrusion detecting..