The invention provides a protocol-state-based fuzzing test method for industrial control protocols, comprising the steps of extracting a protocol state machine, building a message sequence library, guiding the protocol state, sending and storing test cases, carrying out heartbeat-based abnormality monitoring, and locating the test message causing an abnormality. To address the problem that fuzzing tests of industrial control protocols are largely blind and inefficient, test cases belonging to the protocol state of an industrial control component are sent to that component based on the protocol state, which effectively extends the coverage of the fuzzing test and makes the test cases more targeted. The heartbeat-based abnormality monitoring is widely applicable. In addition, the method for locating a test message causing an abnormality can efficiently and accurately locate a single message or a message sequence that causes an abnormality in the industrial control protocol, which facilitates the discovery and analysis of security vulnerabilities.
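
One way the locating step could work, as an added example that is not taken from the patent: replay the stored test cases against a freshly reset target and use the heartbeat as the oracle, reducing the log to the single message or shortest sequence that still stops it. `SimDevice`, its message kinds and its two fault conditions are constructed for illustration, and the reduction strategy is an assumption, since the abstract does not specify one.

```python
class SimDevice:
    """Constructed stand-in for an industrial control component (not a real protocol)."""
    def __init__(self):
        self.state, self.alive = "IDLE", True

    def send(self, msg):
        kind, payload = msg
        if not self.alive:
            return
        if kind == "CONNECT":
            self.state = "SESSION"
        elif kind == "CLOSE":
            self.state = "IDLE"
        elif kind == "DIAG" and payload == b"\xff":
            self.alive = False          # constructed fault, reachable from any state
        elif kind == "WRITE" and self.state == "SESSION" and len(payload) > 8:
            self.alive = False          # constructed fault, reachable only in SESSION

    def heartbeat(self):
        return self.alive               # a real probe would time out instead

def stops_heartbeat(seq):
    """Replay seq against a freshly reset device; True if the heartbeat then fails."""
    dev = SimDevice()
    for msg in seq:
        dev.send(msg)
    return not dev.heartbeat()

def locate(stored):
    """Reduce the stored test cases to the message(s) that reproduce the abnormality."""
    if not stops_heartbeat(stored):
        return []
    # Shortest failing prefix: its last message is the one that tipped the device over.
    end = next(i for i in range(1, len(stored) + 1) if stops_heartbeat(stored[:i]))
    seq = stored[:end]
    if stops_heartbeat(seq[-1:]):       # state-independent: a single message suffices
        return seq[-1:]
    i = 0                               # otherwise drop earlier messages one at a time
    while i < len(seq) - 1:
        trial = seq[:i] + seq[i + 1:]
        if stops_heartbeat(trial):
            seq = trial                 # message i was not needed to reach the fault
        else:
            i += 1                      # message i is part of the required state path
    return seq

# Constructed logs of sent test cases.
SEQ_LOG = [("CONNECT", b""), ("READ", b"\x00"), ("WRITE", b"abc"), ("CLOSE", b""),
           ("CONNECT", b""), ("READ", b"\x01"), ("WRITE", b"A" * 16), ("READ", b"")]
SINGLE_LOG = [("CONNECT", b""), ("READ", b"\x00"), ("DIAG", b"\xff"), ("CLOSE", b"")]
```

Against a physical component, each replay needs a real reset between runs so that every trial starts from the same protocol state.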