Abstract: With the diversification and intelligence of network intrusion behaviors, network data has the characteristics of high feature dimensionality and non-linear separability, which leads to insufficient feature extraction and low model classification accuracy in network data. Therefore, an intrusion detection model based on independent component analysis (ICA) and three-way decisions (TWD) is proposed. The characteristics of network connection data were reduced by using ICA algorithm based on maximal non-Gauss property. The data was mapped from high dimensional feature space to low dimensional space to eliminate redundant data. And a multi-granular feature space was constructed through multiple feature extraction. Decisions were made on network behaviors based on three decision-making theories. Experiments were performed on NSL-KDD and CIC-IDS2017 data set. The results show that the proposed model has better feature extraction capability and more accurate classification ability.