I. Introduction
Industrial control systems (ICS) are a vital part of society. More critical infrastructure systems, including those that supply electricity and water, are being connected to the Internet to allow for more efficient and dynamic control and allocation of resources. However, this network access makes these systems vulnerable to external attacks [1]. Many of these ICS attacks can be a nuisance or even have real-world consequences, including those of life and death [2]. ICS are at an increased risk of attack because the protocols designed for these systems were meant to be run only on localized systems and serial lines, not to be accessed over the Internet. In that isolated setting it was extremely hard to gain access to these systems or inject bad data into them, so they did not employ any network security measures. In ICS connected to the Internet, adversaries can not only intercept packets and learn valuable information about critical infrastructure systems, but also inject bad data into these systems and perform denial-of-service attacks [3] [4]. Most ICS run on Modbus, DNP3, and, more recently, IEC 61850. This project focuses on the Modbus protocol in the test case, but CB-IDPS generalizes to all industrial protocols.