The invention discloses a network security configuration automatic generation system based on genetic algorithm. The system comprises a network multi-domain configuration semantic analysis module which extracts corresponding semantic information from multi-domain configuration of the network and obtains network multi-domain entity, entity relationship and security policy information. Centralized storage and management of network multi-domain entity information, entity relationship information and security policy information, network multi-domain information management module responsible for verifying its correctness; according to the rule, the actual privilege inference module can infer the actual privilege from the initial privilege of the user. According to the input user rights matrix and the user initial rights matrix, the optimal configuration of the corresponding network security equipment is automatically found, and the configuration and the corresponding security configurationmodule of the user actual rights matrix are output. The invention automatically configures the safety equipment in the network, avoids the potential policy conflict and configuration error in the network, effectively reduces the network attack surface and improves the safety protection level of the network.