In this work, a new approach will be introduced as a development for the attack-tolerant scheme in the Networked Control System (NCS). The objective is to be able to detect to an attack such as the Stuxnet case where the controller is reprogrammed and hijacked. Beside the ability to detect the stealthy controller hijacking attack. The advantage of this approach is that there is no need for a priori mathematical model of the controller. In order to implement the proposed scheme, a specific detector for the controller hijacking attack is designed. The performance of this scheme is evaluated be connected the detector to NCS with basic security elements such as Data Encryption Standard (DES), Message Digest (MD5), and timestamp. The detector is tested along with networked PID controller under stealthy hijacking attack. The test results of the proposed method show that the hijacked controller can be significantly detected and recovered.