CTIT University of Twente
Research Business & Innovation About CTIT Research Calls Looking for a job? Intranet


Project Number: 509-17216

Project Manager: Prof. dr. Anne K.I. Remke / Prof. dr. ir. B.R. Haverkort

Faculty of Electrical Engineering, Mathematics and Computer Science

Tel.: +31-53-4895428 / 4893766; by absence: +31-53-489 8041

Email: a.k.i.remke@utwente.nl / b.r.h.m.haverkort@utwente.nl

Project website:


SCADA (Supervisory Control And Data Acquisition Systems) networks control physical processes, such as electricity grids, and are increasingly vulnerable to cyber attacks, due to unauthenticated and non-encrypted communication protocols. However, the continuous operation (dependability) of the physical processes is of utmost importance to society and industry. SCADA security has mainly been considered separately from the physical processes they control, even though attacks and countermeasures have a direct impact on the physical process. We propose to use predictive knowledge of the physical process (i) to improve intrusion detection capabilities, (ii) to assess the impact of security breaches, and (iii) to justify countermeasures.

The key idea of this proposal is to build process-aware intrusion detection techniques for Smart Grids, which requires, next to state-of-the-art network intrusion detection, an accurate model of the physical processes that can be evaluated in real time. Due to the complex nature of Smart Grids, the model of the physical process has to combine discrete and continuous characteristics with stochastic behaviour (so-called “stochastic hybrid models”). This model is then combined with a model that describes “normal” network traffic. Together this allows for anomaly detection in both the network traffic and the behaviour of the physical system.

This resulting self-awareness monitor (SAM) will detect malicious behaviour that cannot be detected solely from SCADA traffic. Furthermore, it can predict future behaviour of the smart grid and quantify the impact of security breaches and different counter-measures on the physical process.

Project duration: October 2014 – October 2018

Project Coordinators: Prof. dr. Anne Remke and Prof. dr. ir. B.R. Haverkort

Project budget CTIT: 250 k-€ funding

Number of person/years CTIT: 1.2 fte/year

Involved groups: Design and Analysis of Communication Systems (DACS)

CTIT Research Centre: Centre for Safety and Security in Smart Societies (C.S4)