Industrial control systems (ICSs) are more vulnerable to cyber threats owing to their network connectivity. The intrusion detection system(IDS) has been deployed to detect sophisticated cyber-Attack but the existing IDS uses the packet header information for traffic flow detection. IDS is inefficient to detect packet deformation; therefore, we propose the adoption of packet payload in IDS to respond to a variety of attacks and high performance. Our proposed model detects packet modification and traffic flowby inspecting each packet and sequence of packets. For evaluation, cross verification is conducted to increase the reliability of the statistics.