Abstract:With the networking of industrial control systems(ICS), its original closeness has been broken. Various viruses and Trojans have entered ICS with normal information flow, which has seriously threatened the security of ICS. Then, how to protect ICS security becomes an issue of prior importance. Intrusion detection, as an active information security protection technology, can effectively remedy the shortcomings of traditional security protection technologies such as firewalls. It is often considered as the second security line of ICS, and can realize real-time detection of external and internal intrusions of ICS. At present, the research of intrusion detection in industrial control systems is very active. Researchers from different fields, such as computer, automation and communication, have proposed a series of ICS intrusion detection methods from different perspectives, which has become a hot research direction in the field of ICS security. This paper briefly reviews the state-of-art of the ICS intrusion detection, the existing problems and the problems to be further solved.