Abstract: This paper proposed a dynamic protection framework for critical information infrastructure to address the issue of the current railway network security protection framework being unable to adjust security protection strategies in a timely manner according to new changes in the situation. It analyzed the deficiencies in the security protection of railway critical information infrastructure, implemented threat recognition through deep learning theory, dynamically adjusted node weights based on attack trees and provides interpretable attack paths, dynamically changed defense mechanisms based on mobile target defense algorithms, and formed a dynamic closed loop of "threat detection risk assessment defense decision-making". This framework can provide reference for railway critical information infrastructure operators to carry out security protection design.