Aiming at the problems of lack of Industrial Control System （ICS） data and poor detection of unknown attacks by industrial control intrusion detection systems， an unknown attack intrusion detection method for industrial control systems based on Generative Adversarial Transfer Learning network （GATL） was proposed. Firstly， causal inference and cross-domain feature mapping relations were introduced to reconstruct the data to improve its understandability and reliability. Secondly， due to the data imbalance between source domain and target domain， domain confusion-based conditional Generative Adversarial Network （GAN） was used to increase the size and diversity of the target domain dataset. Finally， the differences and commonalities of the data were fused through domain adversarial transfer learning to improve the detection and generalization capabilities of the industrial control intrusion detection model for unknown attacks in the target domain. The experimental results show that on the standard dataset of industrial control network， GATL has an average F1-score of 81.59% in detecting unknown attacks in the target domain while maintaining a high detection rate of known attacks， which is 63.21 and 64.04 percentage points higher than the average F1-score of Dynamic Adversarial Adaptation Network （DAAN） and Information-enhanced Adversarial Domain Adaptation （IADA） method， respectively.