Design of Industrial Intrusion Detection System Based on Hybrid Random Edge Computing

Affiliation: Beijing Information Technology College (北京信息职业技术学院)

Abstract:

Traditional industrial control intrusion detection systems do not study the edge intrusion signal segment and therefore cannot detect edge intrusions in time, which lengthens the latent period of an intrusion and threatens the network security of the industrial control system. To address this, an industrial control intrusion detection system based on hybrid random edge computing is proposed. A central server processes and sends alarm information to form a unified alarm log. A JY211-QTQ-04 optical cable detector is selected to display signal strength in real time. Traffic information is collected by a network traffic collector built on the Netmap high-speed network I/O architecture, the data is then processed by a data preprocessor under the TCP/IP protocol, and an intrusion detection engine detects intrusion behavior. A dynamic intrusion detection model is constructed and combined with a hybrid random edge algorithm to determine the highest energy and signal-to-noise ratio of the segment under test; intrusion behavior is judged from the detected intrusion signal segment. The experimental results show that the system detects intrusion behavior in time under abnormal intrusion conditions: at an intrusion time of 7 s, the latent period reaches its maximum of 2.4 s, which is consistent with the actual change in latent period after an intrusion, so the system can accurately detect industrial control intrusion behavior.

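Cite this article

Wei Weiwei (魏巍巍). Design of Industrial Intrusion Detection System Based on Hybrid Random Edge Computing[J]. Computer Measurement & Control (计算机测量与控制), 2022, 30(2): 38-43.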

History
  • Received: 2021-07-29
  • Last revised: 2021-08-26
  • Accepted: 2021-08-27
  • Published online: 2022-02-22