Abstract: In order to effectively deal with the increasingly severe information network security threats faced by railway enterprises, this paper introduced the Cyber Kill Chain Model to identify and prevent network intrusion activities, analyzed the characteristics of corresponding attack behavior around the seven stages defined by the model. According to the expected purpose of each stage, the paper put forward the information network security defense measures with the characteristics of the railway industry to disintegrate the network threat in the early stage of network attack, build an all-round and deep-seated network security defense system, protect railway infrastructure, application system and data resources from network attacks.