The invention relates to an industrial control safety audit system based on protocol deep analysis and an application thereof. The system comprises an on-site monitoring layer, a control layer, a physical layer, an industrial control safety audit module and a safety protection management platform, the industrial Ethernet and an on-site bus are located between the field monitoring layer and the physical layer, the on-site monitoring layer performs data transmission and behavior control on the control layer through the industrial Ethernet, the physical layer is connected with the on-site bus through a sensor, an actuator and the like, and the on-site monitoring layer is mainly used for abnormality detection of an industrial network; according to the invention, targeted detection of abnormalbehaviors can be carried out, the accuracy is high, a physical layer realizes effective physical blocking of malicious behaviors such as network attacks and illegal access in operation of industrial control system equipment by controlling an interface of an external control line, and loss is stopped in time; the industrial control system equipment terminal security protection method is good in compatibility, better in applicability, convenient in equipment increase and decrease, and capable of flexibly updating the alarm rule base and improving the protection capability.