The invention discloses an industrial control system intrusion detection method and system. The method comprises the following steps: recording all software and operating systems needing to be operated in an industrial control system environment, configuring an industrial control system, and collecting and storing the behavior information of the industrial control system during the operation; operating a malicious program, collecting and storing the behavior information of the malicious program during the operation, and processing the collected behavior information of the industrial control system and the behavior information of the malicious program during the operation to generate a feature sequence; labeling the feature sequence in a classified manner, training a neural network model, collecting and storing the behavior information of the industrial control system during the actual operation; processing the behavior information of the industrial control system during the actual operation to generate a feature sequence, judging the feature sequence through the trained neural network model, and if the judgement result deems that the feature sequence belongs to a malicious programbehavior, suspending the operation of the industrial control system. By adoption of the industrial control system intrusion detection method and system disclosed by the invention, the perception ability of the industrial control system on malicious program attacks is improved.