“…While this may not always correspond to an attack, alertbased responses address inherent problems in SCADA operations, which are otherwise not possible to capture using traditional IT-based IDS. Based on the requirements of the strict availability, the IDS can respond immediately to unusual situations [56, 63, 69, 91-93, 95, 132, 133, 135, 138, 141], or provide a delayed notification summarizing similar alarms [52,74,79,88,100,114,122,123]. Information-Centric: If we examine the information used for the detection, then IDS systems can be further categorized into Host-based Intrusion Detection (HID) and Networkbased Intrusion Detection (NID).…”