The invention relates to an abnormal flow data monitoring method and device, electronic equipment and a computer readable medium. The method comprises the following steps: recombining data packets intraffic data to generate multiple types of packets; extracting a first type of packets from the plurality of types of packets; extracting a certificate and server name indication information from thefirst type packet; and determining whether the traffic data is abnormal traffic data through the certificate and the server name indication information. According to the abnormal traffic data monitoring method and device, the electronic equipment and the computer readable medium, advanced persistent threats in the traffic data can be detected.