Industrial control networks are the core part of critical infrastructures such as power grid and oil refinery. In recent years, the number of cyber-attacks to industrial control networks are growing increasingly. Moreover, connecting industrial networks to the public network makes these critical infrastructures more vulnerable to the cyber-attacks. Therefore, improving the security of these networks has attracted much attention nowadays. To protect industrial control networks, the proposed online method is able to detect anomalies with low computational time while do not use prior knowledge about the system and anomalies. This method can adjust the severity of detection in order to efficiently detect changes which lead to anomalies; And also can be adapted to inevitable network changes by updating the anomaly threshold using the latest normal states. The proposed method finds anomalies in the network using high-pass filters and Euclidean distance of the current state with the latest states. To evaluate the efficiency of the proposed approach, a boiler control system is simulated and three test datasets are provided from this simulation. The proposed intrusion detection system was evaluated through these datasets, as well as the SWaT dataset. The results show that the proposed approach not only is highly effective for detecting anomalies, but also is adaptable to the normal variations in the network.

工业控制网络是关键基础设施（如电网和炼油厂）的核心部分。近年来，对工业控制网络的网络攻击越来越多。此外，将工业网络连接到公共网络使这些关键基础设施更容易受到网络攻击。因此，如今，提高这些网络的安全性已引起了广泛关注。为了保护工业控制网络，所提出的在线方法能够以较低的计算时间检测异常，而无需使用有关系统和异常的先验知识。此方法可以调整检测的严重程度，以便有效地检测导致异常的变化；通过使用最新的正常状态更新异常阈值，还可以适应不可避免的网络更改。所提出的方法使用高通滤波器和当前状态与最新状态的欧几里得距离来查找网络中的异常。为了评估所提出方法的效率，对锅炉控制系统进行了仿真，并从该仿真中提供了三个测试数据集。通过这些数据集以及SWaT数据集对提议的入侵检测系统进行了评估。结果表明，该方法不仅对异常检测非常有效，而且适应网络中的正常变化。为了评估所提出方法的效率，对锅炉控制系统进行了仿真，并从该仿真中提供了三个测试数据集。通过这些数据集以及SWaT数据集对提议的入侵检测系统进行了评估。结果表明，该方法不仅对异常检测非常有效，而且适应网络中的正常变化。为了评估所提出方法的效率，对锅炉控制系统进行了仿真，并从该仿真中提供了三个测试数据集。通过这些数据集以及SWaT数据集对提议的入侵检测系统进行了评估。结果表明，该方法不仅对异常检测非常有效，而且适应网络中的正常变化。