Abstract: Aiming at the network attack threat faced by the current railway Internet applications, this paper studied the protection strategy based on the combination of the XDR (eXextended Detection and Response) platform + security GPT (Generic Pre trained Transformer) large model. By integrating and strengthening the traditional security equipment of the Railway Group Co. Ltd., the paper constructed a combined architecture of XDR platform and security GPT model to implement in-depth protection of Internet applications. This protection strategy could effectively enhance the network attack detection and defense capability, improve the efficiency of network security operation management, and provide new solutions for the safe operation of railway Internet applications.