Abstract: Machine learning has achieved great success in computer vision, natural language processing and other fields in the past few years. In recent years, machine learning technology has gradually become one of the mainstream technologies in the field of cyber-security, and many intrusion detection technologies based on machine learning have emerged in the field of the industrial Internet. Aiming at landing machine learning-based intrusion detection technology into the real industrial system network, we conduct an in-depth analysis of related work in the field. We summarize the uniqueness of machine learning-based intrusion detection in the industrial Internet and extract three research points from the workflow of intrusion detection in industrial control system (ICS). Based on the research points that different researches focus on, we divide machine learning-based intrusion detection system (IDS) in ICS into three categories: algorithm design-oriented researches, application challenges and limitations-oriented researches, and ICS attack scenario-oriented researches. The taxonomy shows the significance of different research work as well as exposes the problems existing in the research field at present. It can provide a good research direction and reference for future work. In the end, we propose two promising research directions in this field based on the latest developments in machine learning.