Abstract: In the network intrusion detection, because of the high dimensionality and redundant features of the original data, the storage burden of the intrusion detection system is increased, and the performance of the classifier is reduced. Aiming at this problem, this paper proposes an intrusion detection feature extraction method based on information theory model. The method starts with the feature of maximum information gain, and then iteratively adjusts the correlation among the classification mark of the data set, selected feature subset and candidate feature by search strategies and evaluation functions. Finally, the feature subset is determined by terminating conditions. In the experiment, we chose sample dataset for intrusion detection as the experimental data, and apply feature vector selected by the method to the support vector machine classification algorithm. It is found that the detection accuracy is almost unchanged, in the case that the dimension of the feature is greatly reduced. The results show the validity of the method.