Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Report No. ARL-TR-7767
Authors: Daniel T Sullivan, Edward J Colbert, Kenneth D Renard, Phillip L Tucker, Travis W Parker, Stephen R Neyens, Christopher A Walsh
Date/Pages: August 2016; 34 pages
Abstract: This report describes the software architecture and capabilities of an industrial control system process-oriented intrusion detection (iPoid) algorithm developed in the Army Cyber-Research Analytics Laboratory (ACAL) at the US Army Research Laboratory. The iPoid algorithm performs packet inspection of Modbus transmission control protocol communications by applying rules to detect suspicious activity. ACAL's iPoid creates alert messages for security analysts if further investigation is required. We illustrate the iPoid algorithm using a research intrusion-detection system. This report describes the iPoid algorithm and how its software functions, how to write the analysis rules, and how to test the software.
Distribution: Approved for public release
  Download Report ( 0.904 MBytes )
If you are visually impaired or need a physical copy of this report, please visit and contact DTIC.

Last Update / Reviewed: August 1, 2016