
Water Power Plant Network Security Architecture Based on Winute

  • Abstract: To ensure the safe operation of hydropower plant networks, and to address the poor detection capability and runtime performance of existing hydropower plant network intrusion detection systems, this paper uses Winute network threat perception technology to optimize the system design in three areas: hardware, database, and software functions. On the hardware side, the network traffic collector and network data processor are refitted, and a Winute network threat sensor is added as the operating environment for the network threat perception technology. The system database tables are then built from four sources: an attack rule base, an application identification rule base, a URL filter base, and a virus base, and the tables are linked according to the internal relationships among the data. A network intrusion detection standard for the hydropower plant is set, and the collector captures the plant's network traffic data. Features such as density and gain are extracted from the traffic data, and Winute network threat perception technology is used to identify network intrusion events. Based on the identification results, feature matching produces detection results that include the network intrusion status, the intrusion type, and other information. System test results show that, compared with a traditional network intrusion detection system, the optimized system's intrusion count detection error is 2.8 lower and its type detection error rate is 2.3% lower; its maximum number of concurrent connections and its throughput rate are also higher. That is, the designed system has the advantage in both intrusion detection function and runtime performance.
