Due to the lack of efficiency and stability in the deployment of traditional intrusion detection systems in resource-limited industrial equipment, an intrusion detection system for intelligent substations was proposed to supplement the evaluation model of industrial equipment security risks. The system used a gray model-based network vulnerability node active prediction method to balance the weight of threat sources in the established threats and risk assessment model. A risk value calculation algorithm based on the three-dimensionality of information security is proposed. The algorithm used a fuzzy consistent judgment matrix to calculate the risk value parameters. Therefore, a risk evaluation that can intuitively determine the scope and extent of the attack on the system was completed. Through relevant experiments, the system can effectively detect intrusion attacks and have good performance while satisfying the passive, low load, real-time and reliability in the deployment environment.