Power station automation system data network security monitoring method

The invention relates to a power station automation system data network security monitoring method. An Snort detecting engine is utilized to realize the monitoring for a power station automation system data network on a traditional electric power system computer network system, an inserted rule of the engine comprises communication rules including CDT, IEC-60870-101 and IEC-61850, and the frame format of the rule is utilized to establish an engine matched condition; the monitoring for network security is realized through the following two modes: a. monitoring the data frame content transmitted on the work, using a rule format transmitted by power station data as a reference, permitting the information satisfying the rule format to continuously circulate, and isolating the information unsatisfying the rule format; b. monitoring the real-time flow of a power station data acquisition network, and if finding abnormal network flows, then indicating that abnormal data is transferred, and giving warning information by a power station automation system data network security monitoring device.