Abstract: At present,industrial control system is widely used in electric power,transportation,water conservancy,large manufacturing industry and national critical infrastructure．ICS has become the important part of the national security strategy．The attacks against to the industrial control systems are more and more frequent,and there are little security products specifically for the industrial control system．Although most of the configuration software has variable alarm function,it is just sutable for a single variable,rarely from an overall consideration of the overall security．In order to effectively improve the industrial control system information security protection,based on the specific data and protocol and the highly real-time requirement,this paper proposed the Adaptive Clustering-Based Outlier Detection——ACBOD method to analyze the variable data from the OPC Server．This method has 4parts:data acquisition,clustering,Identification of clusters,and the cluster outlier detection．The testing results show that this method can find abnormal data in industrial control systems effective,also can find an unknown exception,and it can greatly improve the industrial control system safety protection ability.

Key words: Industrial control system,Clustering,Outlier mining,Adaptive clustering,Abnormal behavior detection