Abstract: By integrating Graph Sample and Aggregate(GraphSAGE) and improved Graph Attention Network (GAT), a neural-network-based industrial control intrusion detection is proposed to deal with the complex characteristics of data features in industrial control intrusion detection. Firstly, the intrusion detection traffic data is constructed as a graph structure, and GraphSAGE is used to sample and aggregate neighbor node information to obtain the embedding vectors of nodes, reducing the spatial complexity of the graph structure and improving the efficiency of processing large amounts of data. The improved multi-head attention mechanism is used to enrich the captured feature information, calculate the correlation and importance between nodes, assign corresponding weights to each node, and improve the classification accuracy. This method is verified on an industrial control data set, and the experimental results show that it has better time efficiency and higher detection accuracy.