Supervisory Control and Data Acquisition (SCADA) systems control and monitor critical infrastructure in society, such as electricity transmission and distribution systems. Modern SCADA systems are increasingly adopting open standards and being connected to the Internet to enable remote control. A boost in sophisticated attacks against SCADA systems makes SCADA security a pressing issue. An Intrusion Detection System (IDS) is a security countermeasure that monitors a network and tracks unauthenticated activities inside the network. Most commercial IDSs used in general IT systems are signature-based, by which an IDS compares the system behaviors with known attack patterns. Unfortunately, recent attacks against SCADA systems exploit zero-day vulnerabilities which are undetectable by signature-based IDSs.This thesis aims to enhance SCADA system monitoring by network-based anomaly detection that models normal behaviors and finds deviations from the model. With network-based anomaly detection, zero-day attacks are possible to detect. There are two main challenges for network-based anomaly detection. The first challenge is the potentially large number of false positives coming from benign traffic that just deviates from the trained model due to the noises. To address this challenge, this thesis proposes several traffic modeling approaches based on statistics and machine learning techniques for the regular communication patterns in SCADA traffic. The second challenge is the lack of open datasets to evaluate the proposed approaches. Consequently, this thesis proposes a traffic generation framework.Thanks to Jonas Almroth, Erik Westring, and Peter Andersson in FOI and other industrial partners for helping with data collection and providing another point of view. Thanks the Swedish Civil Contingencies Agency (MSB) for financing the studies in this thesis within the Resilient Control and Information Systems (www.rics.se) project. I'm also grateful to all the PhD students, external experts, and professors that I have met within RICS project and SWITS association for the inspiring discussions and comments.Special thanks to all the administrative personnel. Thanks to Anne Moe for her compassionate support and assistance from onboarding to completion of thesis defense. I would also like to express my gratitude to former and current administrative members in the division, Eva Pelayo Danils, Åsa Kärrman, Lene Rosell, for their contributions to an efficient working environment for all of us in RTSLab and IDA.I would like to thank all the former and current members of RTSLab for contributing to an enjoyable and inspiring working environment. I appreciate their valuable input to my research and presentations during the RTS meetings or fikas. Thanks to my lunch companions for providing relaxing breaks that are full of fun and useful life experiences.Finally, I would like to express special thanks to my family and friends for encouragement and support in the past years. I would not have been able to get through the tough times without ...