Safeguarding SCADA Systems with Anomaly Detection

  • John Bigham
  • David Gamez
  • Ning Lu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


This paper will show how the accuracy and security of SCADA systems can be improved by using anomaly detection to identify bad values caused by attacks and faults. The performance of invariant induction and n-gram anomaly-detectors will be compared and this paper will also outline plans for taking this work further by integrating the output from several anomaly-detecting techniques using Bayesian networks. Although the methods outlined in this paper are illustrated using the data from an electricity network, this research springs from a more general attempt to improve the security and dependability of SCADA systems using anomaly detection.


Keywords: Bayesian Network, Anomaly Detection, Electricity Network, Topology Error, SCADA System
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • John Bigham (1)
  • David Gamez (1)
  • Ning Lu (1)
  1. Department of Electronic Engineering, Queen Mary, University of London, London, UK
