Yes, its logical that this code is detected as intrusion as it tries to load code from external files with an include directive.