Abstract: According to the characteristics of network security defense under the new situation and the defense requirements of railway network security, this paper proposed a railway network security defense mechanism under the new situation around four directions: overall defense, defense execution, technical research and cooperative defense. This mechanism was based on the key technologies such as intrusion detection, pseudo defense and threat event analysis. It took the defense framework as the leading role and was in depth technical breakthrough and cooperative defense, with a view to realizing rapid response and consistent implementation of railway network security defense, and further improving the railway network security defense capability.