The invention provides an industrial control system sequence attack detection method and device. The method comprises the steps of (S1) obtaining multiple observed quantities of sensors controlled by multiple programmable logic controllers as a test set, and obtaining a first continuous quantum set and a first discrete quantum set in the test set according to each observation value model obtained by a value classification method in advance, (S2) obtaining respective corresponding first matching probability and second matching probability by using a trained hidden Markov model based on the first continuous quantum set and the first discrete quantum set, and (S3) obtaining a detection result of industrial control system sequence attack with the combination of weights of the discrete quantum set and the continuous quantum set based on the first matching probability and the second matching probability. According to the method provided by the invention, while a condition that the industrial control system sequence attack detection is failed after a single observation quantity is tampered is avoided, and the sequence attack of an industrial control system can be efficiently and accurately identified.