Modern Supervisory Control and Data Acquisition SCADA systems used by the electric utility industry to monitor and control electric power generation, transmission and distribution are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasing numbers of widely distributed components. The presence of a real time intrusion detection mechanism, which can cope with different types of attacks, is of great importance, in order to defend a system against cyber attacks This defense mechanism must be distributed, cheap and above all accurate, since false positive alarms, or mistakes regarding the origin of the intrusion mean severe costs for the system. Recently an integrated detection mechanism, namely IT-OCSVM was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (IDS), providing accurate data about the origin and the time of an intrusion. In this paper we also analyze the architecture of the integrated detection mechanism and we perform extensive simulations based on real cyber attacks in a small SCADA testbed in order to evaluate the performance of the proposed mechanism. using comparative metrics of network's structure during normal and abnormal operation, we can discover security policy breaches in a network. One can assume that network communication between nodes, constitutes a social network of users and their applications, so the appropriate methods of social network formal analysis can be applied [12]. In on-line social systems perpetrators of malicious behavior often display patterns of interaction that are quite different from regular users, which can be identified through the application of anomaly detection techniques. Thus, in accordance [8,7], network anomalies can be defined as patterns of interaction that significantly differ from the norm and in order to capture the appropriate patterns of interaction, specific aspects of entities' behavior are used (e.g. email analysis). Similar to this, in a SCADA system, individual entities demonstrate a quite different communication behavior when infected, in terms of mean packet generation frequency (traffic burst), protocol distribution or interaction pattern.Discovering anomalies in the context of a network system is a challenging issue due to the complexity of the environment and the different nature of the induced attacks. Regarding node behavior related decisions it makes sense to ask more than one decision mechanism, since this practice assures a more trusted final decision. Ensemble systems of classifiers are widely used for intrusion detection in networks [5,21]. These aim to include mutually complementary individual classifiers, which are characterized by high diversity in terms of classifier structure [24], internal parameters [11] or classifier inputs [13].In real time systems, in addition to fast response and accuracy limited communication between detection modules is also desirable. By sending an explicit message...