The invention discloses a multi-level attach feature extraction and malicious act identification method based on deep learning, and belongs to the technical field of network safety. The multi-level attach feature extraction and malicious act identification method comprises the steps that a deep learning method is adopted to train malicious codes in an attach act database to construct an attach data model of the malicious codes; based on the attach data model, codes to be detected in a network layer are processed, so that network layer data features of the codes to be detected are obtained; thecodes to be detected on a physical layer are subjected to feature extraction, so that physical layer data features of the codes to be detected are obtained; the network layer data features and the physical layer data features are combined to check whether or not the codes to be detected are malicious codes. According to the multi-level attach feature extraction and malicious act identification method based on deep learning, the network layer data features and the physical layer data features are combined to identify the codes, the requirement for high defensiveness of a system is effectivelymet, and the defensive reliability of the system is guaranteed. The detection accuracy rate of the malicious codes is effectively increased, and meanwhile, time consumption of system detection is effectively controlled.