The invention relates to an Android platform intrusion detection method based on a K-means cluster. The method comprises the following steps: firstly, adopting an adaptive threshold detection method to collect use conditions of an Android platform monitored under a normal condition and an abnormal condition, preprocessing an abnormal data packet, and constructing a detection vector; secondly, adopting an improved K-means algorithm to establish an intrusion detection model; and finally, further analyzing the detection vector, and judging an abnormal intrusion behavior according to an analytic result. The Android platform intrusion detection method based on the K-means cluster provided by the invention adopts an adaptive threshold to detect the network traffic abnormality, and adopts a K-means detection algorithm as a core analysis algorithm of intrusion detection, improves a classic K-means algorithm and selects an initial clustering center based on density. The Android platform intrusion detection method based on the K-means cluster provided by the invention can accurately detect the intrusion behavior of network traffic abnormality and improve the autonomous defense capability of the Android platform.