Industrial Control Systems (ICS) are integrated in many areas and critical infrastructures from manufacturing systems to energy production and distribution networks. Originally, these systems have been designed to insure the productivity and reliability of a system. Since the beginning of the century, ICS are targeted by hackers that use vulnerabilities in control-command architecture and component to physically damage the system and its environment. These vulnerabilities are induced by introduction of Information Technology (IT) that brings major improvements as communication speed or standardization of architecture. Furthermore, despite these advantages, IT provides incomplete or incompatible solutions from security point of view for ICS. This paper presents an innovative approach for detecting intrusions in ICS based on different works in safety and security fields. Indeed, by coupling the Filter Approach with theory of Intrusion Detection System (IDS), we propose an approach to detect and block orders that could damage the system. Moreover, the notion of distance between states is developed to anticipate potential attacks and distinguish cyberattacks from classical failures. The study is supported by simulation inspired by classical ICS and industrial platforms.