Abstract: Industrial control systems face increasing threats. In order to achieve active defense and more accurate identification of intrusion data types, based on the deployment environment of industrial control honeypots, a model is designed to identify specific types of intrusion data. This model performed kernel principal component analysis (KPCA) dimensionality reduction on the captured data, and used the Fisher algorithm to classify the processed data. If it was determined to be an abnormal class, the BP neural network was used for secondary discrimination to determine the specific type of intrusion. The experimental results show that the detection rate of this method can reach 95%, and it can classify the data well and determine the specific type of intrusion.