Intrusion detection method in industrial control network combining white list filtering and neural network
CHEN Wanzhi, LI Dongzhe
Journal of Computer Applications    2018, 38 (2): 363-369.   DOI: 10.11772/j.issn.1001-9081.2017061509
Network communication in an industrial control network contains both known and unknown anomalous behaviors. The white list method can effectively detect the known abnormal behaviors in the rule library, but its detection rate for unknown anomalous behaviors is low. To improve the detection rate while fully mining the valid information available, an intrusion detection method named AMPSO-BP, combining white list filtering with a neural network unsupervised learning algorithm, was proposed for use on routers between the servers of the management network and the industrial network. In the first pass, white list technology filters out communication behaviors that do not match the white list rule base. In the second pass, the results of offline unsupervised training of the neural network are used to filter out abnormal communication behaviors that the white list trusted. The neural network improves the detection rate under incomplete information, and the white list rule library is continually refined according to the neural network's detection results, raising the detection rate for abnormal network communication. The Particle Swarm Optimization algorithm with Adaptive Mutation (AMPSO) was used as the training function for the BP (Back Propagation) neural network; the adaptive mutation process was added to the Particle Swarm Optimization (PSO) algorithm to avoid falling prematurely into a local optimum during training. Two groups of training and testing data sets were used in the experiment. The experimental results show that the detection accuracy of AMPSO-BP combined with the white list is higher than that of PSO-BP combined with the white list.
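The two-pass flow and the feedback into the rule library described in the abstract can be sketched as follows. This is an added example, not code from the paper: per-rule length statistics stand in for the AMPSO-BP network, the rule-tightening feedback policy is an assumption, and the addresses, Modbus/TCP port 502, function codes and lengths are constructed sample values.

```python
# Added illustration: addresses, rules, lengths and threshold are constructed.
from statistics import mean, pstdev

HMI, PLC = "10.0.0.5", "10.0.1.20"

def pkt(func, length, src=HMI, dst=PLC, port=502):
    return {"src": src, "dst": dst, "port": port, "func": func, "len": length}

def key(p):
    return (p["src"], p["dst"], p["port"], p["func"])

class TwoStageDetector:
    def __init__(self, rules, benign, z_max=3.0):
        self.limits = {r: None for r in rules}  # rule -> learned max length
        self.z_max = z_max
        # Offline training on benign samples. Per-rule length statistics stand
        # in for the AMPSO-BP network, which is not reproduced here.
        self.model = {}
        for r in rules:
            xs = [p["len"] for p in benign if key(p) == r]
            if xs:
                self.model[r] = (mean(xs), pstdev(xs) or 1.0, max(xs))

    def classify(self, p):
        k = key(p)
        # Pass 1: reject anything the white list (or a learned bound) rules out.
        if k not in self.limits:
            return "stage1-reject"
        if self.limits[k] is not None and p["len"] > self.limits[k]:
            return "stage1-reject"
        # Pass 2: score traffic the white list trusted.
        if k in self.model:
            mu, sigma, seen_max = self.model[k]
            if abs(p["len"] - mu) / sigma > self.z_max:
                self.limits[k] = seen_max  # feedback into the rule base (assumed policy)
                return "stage2-anomaly"
        return "allow"

RULES = {(HMI, PLC, 502, 3), (HMI, PLC, 502, 16)}
BENIGN = [pkt(3, 12)] * 4 + [pkt(16, n) for n in (20, 22, 24, 22)]

if __name__ == "__main__":
    det = TwoStageDetector(RULES, BENIGN)
    for p in (pkt(16, 22), pkt(5, 12), pkt(16, 200), pkt(16, 200)):
        print(p["func"], p["len"], det.classify(p))
```

The oversized write is caught by the second pass the first time it appears and by the first pass on every repeat, which is the effect the abstract attributes to refining the white list from the detector's results.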