The invention relates to a Modbus TCP communication behavior abnormity detection method based on an OCSVM double-contour model. The method comprises steps that a normal behavior contour model and an abnormal behavior contour model of communication behaviors of an industrial control system are constructed, namely a double-contour model, parameter optimization is carried out through a particle swarm optimization algorithm (PSO), an optimal invasion detection model is acquired, and the abnormal Modbus TCP communication flow is identified. Through the method, the false alarm rate is reduced through cooperation discrimination of the double-contour detection model, efficiency and reliability of detection on abnormity are improved, and the method is more suitable for practical application.