The industry targeted cyber-attacks has increased in the recent years. In addition, digitalizing the instrumentation and control brings new cybersecurity challenges to the supervisory control and data acquisition (SCADA) system; therefore, the cybersecurity of the SCADA system should be enhanced. This paper proposed an auto-associative kernel regression (AAKR) data-driven model based on network flow data for early attack detection of SCADA system. This model is integrated to the cyber-attack detection system (CADS) proposed before to provide multi-layer defense and better coverage of detectable cyber-attacks. For generating data for the research, a real-time SCADA system test bed was built at the University of Tennessee. It contains a physically modeled thermal-hydraulic part for a typical two-loop nuclear system; a SCADA system based on LabVIEW and a programmable logic controller (PLC); a local area network (LAN)-based cyber network which enables cyber-attacks and data collection. The normal data set and two abnormal data sets fed into the proposed auto-associative kernel regression (AAKR) model were collected under the normal operation, man in the middle (MITM) and denial of service (DoS) attack scenarios, respectively. The result shows that the proposed AAKR model is able to detect the MITM and DoS attacks effectively with almost no false alarms.