Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Sullivan, Daniel T; Colbert, Edward J; Renard, Kenneth D; Tucker, Phillip L; Parker, Travis W; Neyens, Stephen R; Walsh, Christopher A

Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Active / Technical Report | Accession Number: AD1016384 |

Open PDF

Abstract:

This report describes the software architecture and capabilities of an industrial control system process-oriented intrusion detection iPoid algorithm developed in the Army Cyber-Research Analytics Laboratory ACAL at the US Army Research Laboratory. The iPoid algorithm performs packet inspection of Modbus transmission control protocol communications by applying rules to detect suspicious activity. ACALs iPoid creates alert messages for security analysts if further investigation is required. We illustrate the iPoid algorithm using a research intrusion-detection system. This report describes the iPoid algorithm and how its software functions, how to write the analysis rules, and how to test the software.

Author(s):

Sullivan, Daniel T ; Colbert, Edward J ; Renard, Kenneth D ; Tucker, Phillip L ; Parker, Travis W ; Neyens, Stephen R ; Walsh, Christopher A

Author Organization(s):

US Army Research Laboratory Cyber-Research Analytics Laboratory (ACAL) Adelphi United States

Descriptive Note:

Technical Report,01 Jul 2014,30 Jun 2016

Pagination:

0034

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

ARL-TR-7767

Subject Terms

Joint Capability Areas:

JCA_8_Building Partnerships; JCA_6_Net Centric; JCA_8.1_Communicate; JCA_8.1.3_Influence Adversary and Competitor Audiences; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_5_Command and Control; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_8.2_Shape; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_6.3.1_Optimized Network Functions and Resources; JCA_6.3.4_Cyber Management

Modernization Areas:

Cyber

Communities of Interest:

Materials and Manufacturing Processes

Descriptor(s):

industrial equipment, adaptive control systems, computer networks, intrusion detection systems, algorithms, monitoring

Field(s)/Group(s):

Computer Systems Management and Standards, Computer Systems, Manufacturing and Industrial Engineering and Control of Production Systems, Safety Engineering

Keyword(s):

Modbus protocol, industrial control systems, PLC(Programmable Logic Controller), iPoid(ICS process oriented intrusion detection), TCP(Transmission Control Protocol), industrial safety

Report Date:

2016 Aug 01

Creation Date:

2016 Aug 01