US Patent 9660994 SCADA intrusion detection systems

According to one aspect, a SCADA system is provided. The SCADA system includes a network interface configured to communicate data with a plurality of industrial control devices via an industrial control system (ICS) network. The SCADA system further includes a memory storing SCADA configuration information including ICS network configuration information and device information descriptive of each industrial control device of the plurality of industrial control devices and at least one processor in data communication with the memory and the network interface. The SCADA system also includes an intrusion detection component executable by the at least one processor and configured to read the SCADA configuration information, generate, from the SCADA configuration information, authorized communication information descriptive of one or more expected communication types of communications authorized for transmission via the ICS network.