Analysis of Anomaly Detection Approaches Performed through Deep Learning Methods in SCADA Systems

Altunay H. C., Albayrak Z., Ozalp A. N., Cakmak M.

3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications, HORA 2021, Ankara, Turkey, 11 - 13 June 2021 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/hora52670.2021.9461273
  • City: Ankara
  • Country: Turkey
  • Keywords: Anomaly Detection, Deep Learning, Feature Learning, Industrial Control Systems, SCADA
  • Ondokuz Mayıs University Affiliated: Yes


Supervisory control and data acquisition (SCADA) systems are used with monitoring and control purposes for the process not to fail in industrial control systems. Today, the increase in the use of standard protocols, hardware, and software in the SCADA systems that can connect to the internet and institutional networks causes these systems to become a target for more cyber-attacks. Intrusion detection systems are used to reduce or minimize cyber-attack threats. The use of deep learning-based intrusion detection systems also increases in parallel with the increase in the amount of data in the SCADA systems. The unsupervised feature learning present in the deep learning approaches enables the learning of important features within the large datasets. The features learned in an unsupervised way by using deep learning techniques are used in order to classify the data as normal or abnormal. Architectures such as convolutional neural network (CNN), Autoencoder (AE), deep belief network (DBN), and long short-term memory network (LSTM) are used to learn the features of SCADA data. These architectures use softmax function, extreme learning machine (ELM), deep belief networks, and multilayer perceptron (MLP) in the classification process. In this study, anomaly-based intrusion detection systems consisting of convolutional neural network, autoencoder, deep belief network, long short-term memory network, or various combinations of these methods on the SCADA networks in the literature were analyzed and the positive and negative aspects of these approaches were explained through their attack detection performances.