Nowadays, industrial systems are more and more interconnected with the outside world. However, the interconnection of Supervisory Control and Data Acquisition (SCADA) systems with the outside world using Internet-based standards introduces numerous vulnerabilities to these systems. Although awareness is constantly rising, SCADA systems are still exposed to serious threats. In this paper, a review of Intrusion Detection and report results is conducted in the surveyed works. In the end, we also discuss the potential research directions on this topic.


Keywords: Intrusion Detection; SCADA system; Survey; Machine learning



This work was partially supported by the National Natural Science Foundation of China (Nos. 61502293, 61775058 and 61633016), the Shanghai Young Eastern Scholar Program (No. QD2016030), the Young Teachers’ Training Program for Shanghai College & University, the Science and Technology Commission of Shanghai Municipality (Nos. 18ZR1415000 and 17511107002) and the Shanghai Key Laboratory of Power Station Automation Technology.



Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. School of Mechatronic Engineering and Automation, Shanghai University, Shanghai, China
