Abstract:
To detect Advanced Persistent Threat (APT) attacks against railway information systems more accurately and efficiently, this paper studied and designed an APT malicious traffic early warning system based on a stacked Long Short-Term Memory (LSTM) model. The paper transformed the UNSW-NB15 data set into a data set suitable for training the model used in the APT malicious traffic early warning system, proposed a method for recalculating the early warning results using the periodic characteristics of APT attacks, and introduced the concept of confidence to determine the traffic type more accurately. The APT malicious traffic early warning system was tested on the Kaggle cloud platform; its accuracy rate, recall rate and other indicators were superior to those of other methods. The experimental results show that the system performs better, can effectively improve the accuracy of APT malicious traffic early warning, and reduces both the false alarm rate and the missed report rate.