Abstract: An intrusion detection gray space model is presented based on rough set theory. Information gain is used to equivalence rule discovery and reduction algorithm. As a result, a new intrusion detection model is designed. According to the analyses and validation based on KDDCUP 99, the experimental results show that the model is good for networks intrusion detection with simple classification rules, short detection time and high detection accuracy, and it overcomes the bottleneck that the detection system can not effectively determine the unknown behavior.