Accession Number:

AD1016384

Title:

Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Descriptive Note:

Technical Report,01 Jul 2014,30 Jun 2016

Corporate Author:

US Army Research Laboratory Cyber-Research Analytics Laboratory (ACAL) Adelphi United States

Personal Author(s):

• Sullivan,Daniel T
• Colbert,Edward J
• Renard,Kenneth D
• Tucker,Phillip L
• Parker,Travis W
• Neyens,Stephen R
• Walsh,Christopher A

Report Date:

2016-08-01

Pagination or Media Count:

34.0

Abstract:

This report describes the software architecture and capabilities of an industrial control system process-oriented intrusion detection iPoid algorithm developed in the Army Cyber-Research Analytics Laboratory ACAL at the US Army Research Laboratory. The iPoid algorithm performs packet inspection of Modbus transmission control protocol communications by applying rules to detect suspicious activity. ACALs iPoid creates alert messages for security analysts if further investigation is required. We illustrate the iPoid algorithm using a research intrusion-detection system. This report describes the iPoid algorithm and how its software functions, how to write the analysis rules, and how to test the software.

Descriptors:

• industrial equipment
• adaptive control systems
• computer networks
• intrusion detection systems
• algorithms
• monitoring

Subject Categories:

• Computer Systems Management and Standards
• Computer Systems
• Manufacturing and Industrial Engineering and Control of Production Systems
• Safety Engineering

Distribution Statement:

APPROVED FOR PUBLIC RELEASE