The invention relates to a power monitoring active defense method and system based on virtualization dynamic deployment, and the method comprises the steps: (1), building a virtual honeynet system, and simulating a real business system of a power network; (2) monitoring the state of the virtual machine in real time, and carrying out honeynet trapping to obtain an abnormal behavior track when an abnormal data flow is monitored; and (3) analyzing whether the behavior is a malicious attack behavior or not, and carrying out blocking response. The active defense system adopting the honeypot and sandbox technology can reduce the possibility that a real service network of the power system is detected, increase the attack cost difficulty and timeliness of attackers, and effectively complement passive protection measures existing in the power system.