Supervisory Control and Data Acquisition (SCADA) systems are a critical part of large industrial facilities, such as water distribution infrastructures. With the goal of reducing costs and increasing efficiency, these systems are becoming increasingly interconnected. However, this has also exposed them to a wide range of network security problems. Our research focus on the development of a novel flow-based intrusion detection system. Based on the assumption that SCADA networks are well-behaved, we believe that it is possible to model the normal traffic by establishing relations between network flows. To improve accuracy and provide more information on the anomalous traffic, we will also research methods to derive a flow-based model for anomalous flows.