Advanced IDS Architecture for Threat Analysis in Modern Wireless Networks


Bhupal Arya, Amrita Kumari, Jogendra Kumar

Abstract

The ensemble machine learning hybrid model presented here aims to increase the speed of intrusion detection by accurately identifying security threats. System-based and single-model intrusion detection systems are less effective because they cannot identify novel attack types and frequently generate an excessive number of false alarms. To address these implementation challenges, Hybrid Ensemble Machine Learning (HEML) employs a two-stage architecture that blends supervised and unsupervised learning methods. In the first stage, K-means clustering generates cluster groups, which are then used to identify network traffic irregularities that deviate from predetermined boundaries. This unsupervised preprocessing step produces better classification results by effectively separating suspicious activity from typical network activity. The second stage categorizes network events using an ensemble classifier that consists of Random Forest (RF), Support Vector Machine (SVM), and Gradient Boosting Classifier (GBC). Soft voting combines the probability outputs of the individual models, making the final predictions more precise, dependable, and confident. The hybrid model was evaluated on five benchmark datasets, NSL-KDD, CICIDS2017, UNSW-NB15, BoT-IoT, and TON_IoT, based on their unique network features, attack collections, and data structure features. With an optimal accuracy of 97.2%, an F1-score of 0.96, and an AUC of 0.99, combined with a minimal false positive rate, the hybrid system outperformed both classification techniques and ensemble schemes.
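The two-stage flow described in the abstract can be sketched with scikit-learn as below; this is an added example, not the authors' implementation. The synthetic flow features, the 95th-percentile distance boundary, and passing the stage-one distance and flag to stage two as extra features are all assumptions made for illustration.

```python
import numpy as np
from sklearn.cluster import KMeans
from sklearn.ensemble import (GradientBoostingClassifier,
                              RandomForestClassifier, VotingClassifier)
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC


def make_flows(n_normal=600, n_attack=150, seed=0):
    """Constructed flow features (not drawn from any benchmark dataset)."""
    rng = np.random.default_rng(seed)
    X = np.vstack([rng.normal(0.0, 1.0, (n_normal, 4)),
                   rng.normal(4.0, 1.0, (n_attack, 4))])
    y = np.r_[np.zeros(n_normal, int), np.ones(n_attack, int)]
    order = rng.permutation(len(y))
    return X[order], y[order]


class TwoStageIDS:
    """Stage 1: K-means distance boundary. Stage 2: soft vote of RF, SVM, GBC."""

    def __init__(self, n_clusters=3, quantile=0.95, seed=0):
        self.quantile = quantile  # assumed boundary: quantile of training distances
        self.scaler = StandardScaler()
        self.kmeans = KMeans(n_clusters=n_clusters, n_init=10, random_state=seed)
        self.vote = VotingClassifier(voting="soft", estimators=[
            ("rf", RandomForestClassifier(n_estimators=50, random_state=seed)),
            ("svm", SVC(probability=True, random_state=seed)),
            ("gbc", GradientBoostingClassifier(random_state=seed))])

    def stage1(self, X):
        """Scaled features plus nearest-centroid distance and out-of-boundary flag."""
        Z = self.scaler.transform(X)
        dist = self.kmeans.transform(Z).min(axis=1)
        return np.column_stack([Z, dist, dist > self.boundary_])

    def fit(self, X, y):
        Z = self.scaler.fit_transform(X)
        dist = self.kmeans.fit(Z).transform(Z).min(axis=1)
        self.boundary_ = np.quantile(dist, self.quantile)
        self.vote.fit(self.stage1(X), y)  # supervised stage sees stage-1 output
        return self

    def predict_proba(self, X):
        # Soft voting: unweighted mean of the three models' class probabilities.
        return self.vote.predict_proba(self.stage1(X))

    def predict(self, X):
        return self.predict_proba(X).argmax(axis=1)
```
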
