Critical infrastructures are making increasing use of digital technology for process control. While there are benefits, such as increased efficiency and new functionality, digitalization also introduces the risk of cyber-attacks to systems that support critical functions. A valuable target in these Industrial Control Systems (ICSs) are the Programmable Logic Controllers (PLCs) controlling the machinery that manages a physical process. PLCs have proven to be vulnerable to a range of cyber-attacks in the past; however, newer technologies such as embedded servers and virtualization have the potential to improve this situation and be used to monitor a PLC’s function. In this article, the implementation of a Host-based Intrusion Detection System (HIDS) for a modern PLC is described. This method uniquely makes use of native technologies on the PLC to monitor a dynamic simulated process in real time. Both the PLC’s integrity (checksum, file size, etc.) and the process control are monitored to determine whether the PLC has been compromised in a cyber-attack. The proposed solution detects a range of attacks, even when the PLC’s control logic is compromised and—unlike previous PLC HIDS methods—requires no modification of the underlying PLC technology.