Abstract

Supervisory Control and Data Acquisition (SCADA) systems are widely used to control and monitor critical infrastructure such as power plants and water treatment facilities. These systems are part of Industrial Control Systems (ICS) and are increasingly integrated with IT and cloud infrastructures, which has significantly increased their exposure to cyber-attacks. To address these security challenges, several protective mechanisms have been developed for SCADA networks, among which intrusion detection systems (IDS) play a crucial role. This survey presents a comparative study of existing IDS approaches applied in SCADA systems, ranging from traditional rule-based, signature-based, and anomaly-based models to advanced machine learning and deep learning techniques. Furthermore, the strengths and limitations of these IDS approaches are analyzed to identify existing research gaps in SCADA-specific intrusion detection. Finally, a methodological direction aimed at improving IDS performance for effective detection and prevention of cyber-attacks on SCADA systems is discussed, providing valuable guidance for future research on SCADA-specific IDS.

References

• D. Pliatsios et al., “A survey on SCADA systems: secure protocols, incidents, threats and tactics,” IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1942–1976, 2020.
• M. Alanazi, A. Mahmood, and M. J. M. Chowdhury, “SCADA vulnerabilities and attacks: A review of the state- of-the-art and open issues,” Computers & Security, vol. 125, p. 103028, 2023.
• B. Zhu and S. Sastry, “SCADA-specific intrusion detection/prevention systems: A survey and taxonomy,” in Proc. 1st Workshop on Secure Control Systems (SCS), 2010.
• R. Mohan and B. S. Narayana, “Distributed intrusion de- tection system using semantic-based rules for SCADA in smart grid,” in Proc. IEEE/PES Transmission and Distribution Conf. and Exposition (T&D), 2020.
• G. Yadav and K. Paul, “Architecture and security of SCADA systems: A review,” Int. J. Critical Infrastructure Protection, vol. 34, p. 100433, 2021.
• N. R. Rodofile, K. Radke, and E. Foo, “Extending the cyber- attack landscape for SCADA-based critical infrastructure,” Int. J. Critical Infrastructure Protection, vol. 25, pp. 14–35, 2019.
• A.B. Ajmal et al., “Last line of defense: Reliability through inducing cyber threat hunting with deception in SCADA net- works,” IEEE Access, vol. 9, pp. 126789–126800, 2021.
• M. Robinson, “The SCADA threat landscape,” in Proc. 1st Int. Symp. for ICS & SCADA Cyber Security Research, BCS Learning & Development, 2013.
• J. Gao et al., “Omni SCADA intrusion detection using deep learning algorithms,” arXiv preprint arXiv:1908.01974, 2019.
• L. A. Maglaras and J. Jiang, “Intrusion detection in SCADA systems using machine learning techniques,” in Proc. Science and Information Conf., IEEE, pp. 626–631, 2014.
• H. S. Nay, M. O. Al-Kasassbeh, and M. A. Al-Akhras, “A sur- vey of specification-based intrusion detection systems,” Int. J. Computer Applications, vol. 975, pp. 8887, 2015.
• D. Yang, A. Usynin, and J. W. Hines, “Anomaly-based intrusion detection for SCADA systems,” in Proc. NPIC&HMIT, 2013.
• T. Nay, “Enhancing IoT security with AI-driven hybrid ma- chine learning and neural network-based intrusion detection system,” Babylonian J. Artificial Intelligence, 2024.
• Ahmed and A. A. R. Tonoy, “Cybersecurity in industrial control systems: A systematic literature review on AI-based threat detection for SCADA and IoT networks,” ASRC Procedia, 2025.
• S. Balaba et al., “Graph-based anomaly detection in indus- trial control systems,” in Proc. IEEE Ural-Siberian Conf. on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), 2025.
• T. N. I. Alrumaih and M. J. F. Alenazi, “CGAAD: Centrality- and graph-aware deep-learning model for detecting cyberattacks targeting industrial control systems in critical infrastruc- ture,” IEEE Internet of Things Journal, vol. 11, no. 13, pp. 24162–24182, 2024.
• S. N. Mohan, G. Ravikumar, and M. Govindarasu, “Dis- tributed intrusion detection system using semantic-based rules for SCADA in smart grid,” in Proc. IEEE/PES Trans- mission and Distribution Conf. and Exposition (T&D), 2020.
• A. Khan et al., “HML-IDS: A hybrid-multilevel anomaly prediction approach for intrusion detection in SCADA systems,” IEEE Access, vol. 7, pp. 89507–89521, 2019.
• P. Kreimel et al., “Anomaly detection in substation networks,” J. Information Security and Applications, vol. 54, p. 102527, 2020.
• S. Idima, P. Nwaga, and P. Evah, “Comprehensive analysis of SCADA system data for intrusion detection using machine learning,” Global J. Engineering and Technology Advances, vol. 22, no. 2, pp. 064–089, 2025.
• L. Rajesh and P. Satyanarayana, “Evaluation of machine learning algorithms for detection of malicious traffic in SCADA network,” J. Electrical Engineering & Technology, vol. 17, no. 2, pp. 913–928, 2022.
• A. Balla et al., “Applications of deep learning algorithms for supervisory control and data acquisition intrusion detection system,” Cleaner Engineering and Technology, vol. 9, p. 100532, 2022.