The invention discloses a network attack identification method and system and a terminal. The method comprises the following steps of obtaining network attack behavior data corresponding to network attack behaviors, comparing the network attack behavior data with a preset rule base; wherein the rule base comprises large-class databases of network attack behaviors, each large-class database comprises a plurality of small-class sub-databases, each small-class sub-database comprises at least one piece of fine-class data, the large-class databases, the small-class sub-databases and the fine-classdata carry identification IDs, and the combination of the identification IDs is used for identifying the types of the network attack behaviors; and determining a first fine class from a preset rule base according to the large class identifier, the small class identifier and the fine class identifier contained in the network attack behavior data, and determining the type of the network attack behavior. The efficiency and accuracy of attack behavior recognition in the industrial network are improved, so that the security of the industrial network is improved, and the attack behavior of the industrial network is quickly and effectively solved.