Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Abstract

This report describes the software architecture and capabilities of an industrial control system process-oriented intrusion detection (iPoid) algorithm developed in the Army Cyber-Research Analytics Laboratory (ACAL) at the US Army Research Laboratory. The iPoid algorithm performs packet inspection of Modbus transmission control protocol communications by applying rules to detect suspicious activity. ACAL's iPoid creates alert messages for security analysts if further investigation is required. We illustrate the iPoid algorithm using a research intrusion-detection system. This report describes the iPoid algorithm and how its software functions, how to write the analysis rules, and how to test the software.

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2016
Accession Number
AD1016384

Entities

People

  • Christopher A Walsh
  • Daniel T. Sullivan
  • Edward J. Colbert
  • Kenneth D. Renard
  • Phillip L Tucker
  • Stephen R Neyens
  • Travis W. Parker

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Control Systems
  • Detection
  • Detectors
  • Graphical User Interface
  • Industrial Control Systems
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Network Protocols
  • Operating Systems
  • Software Design
  • Supervisory Control

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Parallel and Distributed Computing
  • Software Engineering

Technology Areas

  • Cyber