The invention discloses an intrusion detection and defense method and device for the industrial Internet. The invention adopts a whitelist check: a service request is accepted only if both the requested service and the client sending the request conform to the whitelist; otherwise the request is refused. Compared with the blacklist mode, which performs a 1-to-N check, this detection mode does not require a database holding a great number of feature codes of harmful information and does not require that database to be upgraded continuously, so the detection time is greatly shortened, the demands on software and hardware are very low, and the user cost is reduced. In addition, the industrial Internet differs from the World Wide Web, i.e. its client base is limited and fixed and the services it provides are limited and fixed; it needs to use the data and information of specific applications and can refuse unrelated data and information requests. The industrial Internet is therefore extremely well suited to the whitelist check method; by adopting the whitelist mode, attacks by external undesirable programs on the industrial Internet can be effectively prevented and the safety of the industrial Internet can be ensured.
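The check described above, sketched as an added example (not code from the patent): a request passes only when the client and the requested service are both on the whitelist, and everything else, including malformed input, is refused. The addresses, the per-client service sets and the names `ALLOWLIST`, `check_request` and `refused` are constructed assumptions.

```python
import ipaddress

# Constructed whitelist (assumption): client network -> services it may request,
# each service given as (protocol, port). The set is small and fixed, as the
# text says of an industrial network's clients and services.
ALLOWLIST = {
    ipaddress.ip_network("10.20.0.0/28"): {("tcp", 502)},                 # HMI stations: Modbus/TCP
    ipaddress.ip_network("10.20.1.5/32"): {("tcp", 502), ("tcp", 4840)},  # historian: Modbus/TCP, OPC UA
}


def check_request(client_ip, protocol, port):
    """Return (accepted, reason). Default is refusal; only listed pairs pass."""
    try:
        addr = ipaddress.ip_address(client_ip)
        service = (str(protocol).lower(), int(port))
    except (ValueError, TypeError):
        return False, "malformed request"  # fail closed on unparseable input
    for network, services in ALLOWLIST.items():
        if addr in network:
            if service in services:
                return True, "client and service on whitelist"
            # A known client asking for an unlisted service is still refused.
            return False, "service not on whitelist for this client"
    return False, "client not on whitelist"


def refused(requests):
    """Return [(request, reason)] for every refused request, e.g. for logging."""
    out = []
    for req in requests:
        accepted, reason = check_request(*req)
        if not accepted:
            out.append((req, reason))
    return out


# Constructed sample requests: (client IP, protocol, port).
SAMPLE_REQUESTS = [
    ("10.20.0.3", "tcp", 502),     # listed client, listed service
    ("10.20.0.3", "tcp", 4840),    # listed client, unlisted service
    ("10.20.1.5", "TCP", 4840),    # listed client, listed service
    ("203.0.113.9", "tcp", 502),   # unknown client
    ("not-an-ip", "tcp", 502),     # malformed client address
]

if __name__ == "__main__":
    for req, reason in refused(SAMPLE_REQUESTS):
        print("REFUSED", req, "-", reason)
```

No signature database is consulted at any point: the decision depends only on the fixed whitelist, which is what removes the continuous update burden the text attributes to the blacklist mode.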