Abstract:
Traditional network security emergency plans cannot support computer-aided decision-making or automatic execution. To address this problem, this paper uses modular design and machine learning technology to study a digital platform for network security emergency plans in railway business environments. The platform implements three functions: emergency plan data collection and processing, emergency plan generation, and emergency plan execution. Within data collection and processing, the paper focuses on the initial log data and designs a log anomaly detection method, based on machine learning and association analysis techniques, that works along two dimensions: log group and log sequence. The digital platform for railway network security emergency plans covers a series of security disposal processes, from initial data detection through anomaly discovery, risk assessment, plan generation, and plan execution to problem report generation, and provides a new approach for the construction of a digital platform for railway network environment security emergency plans.