Abstract
In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ASHRAE: BACnet - a data communication protocol for building automation and control networks. Standard (2016)
Becker, R., Eick, S., Wilks, A.: Visualizing network data. IEEE Trans. Visual Comput. Graphics 1(1), 16–28 (1995)
Brandstetter, T., Reisinger, K.: (in)security in Building Automation How to Create Dark Buildings with Light Speed. Blackhat (2017)
Caselli, M., Zambon, E., Amann, J., Sommer, R., Kargl, F.: Specification mining for intrusion detection in networked control systems. In: 25th USENIX Security Symposium, pp. 791–806 (2016)
Costante, E., den Hartog, J., Petković, M., Etalle, S., Pechenizkiy, M.: A white-box anomaly-based framework for database leakage detection. J. Inf. Secur. Appl. 32, 27–46 (2017)
Domingues, P., Carreira, P., Vieira, R., Kastner, W.: Building automation systems: concepts and technology review. Comput. Stand. Interfaces 45, 1–12 (2016)
Esquivel-Vargas, H., Caselli, M., Peter, A.: Automatic deployment of specification-based intrusion detection in the BACnet protocol. In: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 25–36 (2017)
Fauri, D., Kapsalakis, M., dos Santos, D., Costante, E., den Hartog, J., Etalle, S.: Leveraging semantics for actionable intrusion detection in building automation systems. In: Critical Information Infrastructures Security, pp. 113–125 (2019)
Fauri, D., dos Santos, D., Costante, E., den Hartog, J., Etalle, S., Tonetta, S.: From system specification to anomaly detection (and back). In: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 13–24 (2017)
Holmberg, D.: BACnet wide area network security threat assessment. Technical report, NIST (2003)
Johnstone, M., Peacock, M., den Hartog, J.: Timing attack detection on BACnet via a machine learning approach. In: Proceedings of the 13th Australian Information Security Management Conference, pp. 57–64 (2015)
Kastner, W., Neugschwandtner, G., Soucek, S., Newman, H.M.: Communication systems for building automation and control. Proc. IEEE 93(6), 1178–1203 (2005)
Mundt, T., Wickboldt, P.: Security in building automation systems - a first analysis. In: International Conference On Cyber Security And Protection Of Digital Services, pp. 1–8 (2016)
Pan, Z., Hariri, S., Al-Nashif, Y.: Anomaly based intrusion detection for building automation and control networks. In: IEEE/ACS 11th International Conference on Computer Systems and Applications, pp. 72–77 (2014)
Sommer, R., Paxson, V.: Outside the closed world: On using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 305–316 (2010)
Tonejc, J., Guttes, S., Kobekova, A., Kaur, J.: Machine learning methods for anomaly detection in BACnet networks. J. Univ. Comput. Sci. 22(9), 1203–1224 (2016)
Urbina, D., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1092–1105 (2016)
Webster, S., Lippmann, R., Zissman, M.: Experience using active and passive mapping for network situational awareness. In: 5th IEEE International Symposium on Network Computing and Applications, pp. 19–26 (2006)
Wendzel, S., Tonejc, J., Kaur, J., Kobekova, A.: Cyber Security of Smart Buildings, pp. 327–351. Wiley, Hoboken (2017). Chapter 16
Yüksel, O., den Hartog, J., Etalle, S.: Reading between the fields: practical, effective intrusion detection for industrial control systems. In: Proceedings of the 31st Annual ACM Symposium on Applied Computing, pp. 2063–2070 (2016)
Yüksel, Ö., den Hartog, J., Etalle, S.: Towards useful anomaly detection for back office networks. In: Ray, I., Gaur, M.S., Conti, M., Sanghi, D., Kamakoti, V. (eds.) ICISS 2016. LNCS, vol. 10063, pp. 509–520. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49806-5_30
Zheng, Z., Reddy, A.: Safeguarding building automation networks: THE-driven anomaly detector based on traffic analysis. In: 26th International Conference on Computer Communication and Networks, pp. 1–11 (2017)
Ziegenfus, S.: BACnet® is in a “family way”. ASHRAE J. 58(9), 100–102 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Fauri, D., Kapsalakis, M., dos Santos, D.R., Costante, E., den Hartog, J., Etalle, S. (2019). Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2019. Lecture Notes in Computer Science(), vol 11543. Springer, Cham. https://doi.org/10.1007/978-3-030-22038-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-22038-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22037-2
Online ISBN: 978-3-030-22038-9
eBook Packages: Computer ScienceComputer Science (R0)