Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

Abstract : This report describes the software architecture and capabilities of an industrial control system process-oriented intrusion detection (iPoid) algorithm developed in the Army Cyber-Research Analytics Laboratory (ACAL) at the US Army Research Laboratory. The iPoid algorithm performs packet inspection of Modbus transmission control protocol communications by applying rules to detect suspicious activity. ACALs iPoid creates alert messages for security analysts if further investigation is required. We illustrate the iPoid algorithm using a research intrusion-detection system. This report describes the iPoid algorithm and how its software functions, how to write the analysis rules, and how to test the software.