Modbus　over　TCP/IP　is　one　of　the　most　popular　industrial　network　protocol　that　are　widely　used　in　critical　infrastructures.　However,　vulnerability　of　Modbus　TCP　protocol　has　attracted　widely　concern　in　the　public.　The　traditional　intrusion　detection　methods　can　identify　some　intrusion　behaviors,　but　there　are　still　some　problems.　In　this　paper,　we　present　an　innovative　approach,　SD-IDS　(Stereo　Depth　IDS),　which　is　designed　for　perform　real-time　deep　inspection　for　Modbus　TCP　traffic.　SD-IDS　algorithm　is　composed　of　two　parts:　rule　extraction　and　deep　inspection.　The　rule　extraction　module　not　only　analyzes　the　characteristics　of　industrial　traffic,　but　also　explores　the　semantic　relationship　among　the　key　field　in　the　Modbus　TCP　protocol.　The　deep　inspection　module　is　based　on　rule-based　anomaly　intrusion　detection.　Furthermore,　we　use　the　online　test　to　evaluate　the　performance　of　our　SD-IDS　system.　Our　approach　get　a　low　rate　of　false　positive　and　false　negative.