Abstract: To improve the security defense capability of the real-time online operation system of the power grid,a power grid data security defense system based on runtime attack autoimmunity technology is constructed. Firstly,a non-intrusive soft probe bytecode instrumentation security protection technology is constructed,which generates user access behavior portraits,monitors dynamic information during program execution and all database requests in real time,and identifies valid requests and illegal requests.Then,in the complex operation environment of power grid data assets,an active security defense architecture system is designed.Finally,the multi-dimensional feature extraction technology is applied to analyze the six common types of user abnormal behavior characteristics,and warn abnormal user operations in real time.By simulating a new type of hacker attack experiment,it is verified that the proposed defense system can effectively improve the security and stability of power grid data.