Abstract:
Common methods such as authenticating logins with verification codes, restricting login IP addresses, and monitoring authentication logs cannot fully solve the problem of brute-force cracking of account passwords. To improve the account security of power application systems, an account security defense method for power application systems based on runtime application self-protection (RASP) technology was proposed. Firstly, a method for associating user login requests with the database, based on the data platform architecture, was proposed. A JAR package software probe was deployed in the Web server, and interception code was added to the request processing class in the Web middleware based on RASP technology, enabling monitoring of the whole process of HTTP requests and data exchange. Secondly, a brute-force account cracking detection method based on RASP user behavior analysis was proposed, and a normal behavior profile of the user was constructed. Whether the current user behavior is abnormal was judged by checking whether it deviates from the user behavior model, so as to realize the security defense of power application system accounts. Finally, an account security defense system for power application systems was designed based on RASP technology, and the system deployment architecture and functional architecture were introduced in detail. Based on the data association method in the data center architecture, precise association between back-end database access and the specific front-end access request was realized. Big data analytics and machine learning technologies were used to prevent brute-force cracking of account passwords, effectively improving the detection capability for new data attacks.