The invention discloses a grid unknown threat detection system and method. The system comprises a grid security situation sensing platform, an unknown threat analysis system, a cloud sandbox system and a grid security operation and maintenance system. The unknown threat analysis system is used for receiving and detecting the abnormal network traffic transmitted from the grid security situation sensing platform, extracting an unrecognizable suspicious traffic file, and submitting the extracted suspicious file to the cloud sandbox system. The cloud sandbox system is used for operating the suspicious file in an operation-limited user-defined virtual environment, monitoring and recording the operating process of suspicious file, generating an analysis result, and submitting the analysis resultto the grid security operation and maintenance system in order that the grid security operation and maintenance system performs early warning and control of the unknown threats based on the analysisresult. The system and method provided by the embodiment of the present invention can timely and accurately detect the unknown threats in the grid environment, and ensure stable operation of the gridsystem.