In response to those new network intrusion methods, and in order to improve detection rate for unknown malicious behaviors, rough set theory was used to construct models for intrusion detection problem. Firstly, intrusion detection model PRS-IDM was built with probabilistic rough set, the threshold parameter in it was used to build intrusion detection model VRS-IDM based on variable precision rough set. The detection training data set was reduced based on VRS-IDM and detection rules were constructed. The experiment proves that this method has a good detection collected rate, and deal with unknown potential intrusions effectively.