The invention provides a sample homology analysis method based on a dynamic behavior chain and dynamic characteristics. The method comprises the following steps: 1, collecting and sorting attack samples; 2, classifying the training sample set; 3, putting the training sample set into a sandbox for operation; 4, sorting the samples to generate a dynamic behavior chain; 5, training a homologous analysis decision tree model by using a behavior chain extracted from the training data set; 6, extracting a behavior chain and sample IOCs information; 7, enabling the test data set to judge the APT organization to which the test data set belongs or the malicious family and type to which the test data set belongs through the decision tree model; 8, subjecting the test data set to fuzzy matching with IOCs information through a knowledge base, and obtaining homologous information; 9, obtaining a final homologous analysis conclusion. According to the method, the effect of carrying out sample homologous analysis based on the dynamic behavior chain and the dynamic characteristics on the malicious samples starting from the dynamic behavior is achieved, and the practical problems of single sample characteristic, low manual analysis efficiency, high investment and the like caused by a traditional homologous analysis means are solved.