Systems and methods for identifying unknown protocols associated with industrial control systems
Abstract:
A device may receive a hash table that includes lists of protocol detectors, wherein the hash table is generated based on historical process data identifying potential process variables associated with an industrial control system. The device may receive a packet identifying potential process variables associated with the industrial control system, and may extract, from the packet, packet data identifying a source address, a destination address, a port, and a transport protocol. The device may compare the packet data with data in the hash table to identify a set of lists of protocol detectors, and may process the packet data, with the set of lists of protocol detectors, to determine a matching protocol, no matching protocol, or a potential matching protocol for the packet. The device may perform one or more actions based on determining the matching protocol, no matching protocol, or the potential matching protocol for the packet.
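The lookup-then-detect flow in the abstract, sketched as an added example that is not taken from the patent. The detector functions, the `None` wildcard in table keys, the addresses and the sample payloads are all assumptions constructed for illustration.

```python
from enum import Enum
import struct

class Verdict(Enum):
    NONE = 0        # no matching protocol
    POTENTIAL = 1   # potential matching protocol
    MATCH = 2       # matching protocol

def detect_modbus_tcp(payload):
    # MBAP header: transaction id, protocol id (0 = Modbus), length, unit id
    if len(payload) < 8:
        return Verdict.NONE
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:
        return Verdict.NONE
    # length counts every byte after the length field (unit id + PDU)
    return Verdict.MATCH if length == len(payload) - 6 else Verdict.POTENTIAL

def detect_dnp3(payload):
    # DNP3 link frames start with 0x05 0x64; the link header is 10 bytes
    if payload[:2] != b"\x05\x64":
        return Verdict.NONE
    return Verdict.MATCH if len(payload) >= 10 else Verdict.POTENTIAL

# Constructed table: (source, destination, port, transport) -> detector list.
# None as an address wildcard is an assumption of this sketch.
DETECTOR_TABLE = {
    ("10.0.0.5", "10.0.0.20", 502, "tcp"): [("dnp3", detect_dnp3)],
    (None, None, 502, "tcp"): [("modbus-tcp", detect_modbus_tcp)],
}

def candidate_lists(src, dst, port, transport):
    # Most specific key first; a packet may select more than one list.
    keys = [(src, dst, port, transport), (None, None, port, transport)]
    return [DETECTOR_TABLE[k] for k in keys if k in DETECTOR_TABLE]

def classify(src, dst, port, transport, payload):
    best = (Verdict.NONE, None)
    for detectors in candidate_lists(src, dst, port, transport):
        for name, detect in detectors:
            verdict = detect(payload)
            if verdict is Verdict.MATCH:
                return verdict, name
            if verdict is Verdict.POTENTIAL and best[0] is Verdict.NONE:
                best = (verdict, name)
    return best

# Constructed payloads: a Modbus read request and a DNP3-style link header
# (the trailing CRC bytes are placeholders and are not validated).
MODBUS_REQ = bytes.fromhex("00010000000601030000000a")
DNP3_FRAME = bytes.fromhex("056405c001000004e921")
```

A truncated copy of `MODBUS_REQ` yields `Verdict.POTENTIAL`, and traffic on a flow with no table entry yields `Verdict.NONE`, which is the case the abstract treats as an unknown protocol.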