Anomaly based intrusion detection for Building Automation and Control networks

Zhiwen Pan, Salim A Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Citations (Scopus)

Abstract

Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.

Original language: English (US)
Title of host publication: Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
Publisher: IEEE Computer Society
Pages: 72-77
Number of pages: 6
Volume: 2015-March
ISBN (Print): 9781479971008
DOIs: https://doi.org/10.1109/AICCSA.2014.7073181
State: Published - Mar 30 2015
Event: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014 - Doha, Qatar
Duration: Nov 10 2014 – Nov 13 2014

Other

Other: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014
Country: Qatar
City: Doha
Period: 11/10/14 – 11/13/14

Fingerprint

Intrusion detection
Automation
Network protocols
Fire alarm systems
Internet
Launching
Information services
Testbeds
Data mining
Monitoring

Keywords

  • anomaly detection
  • BACnet
  • Data mining
  • SCADA

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Pan, Z., Hariri, S. A., & Al-Nashif, Y. (2015). Anomaly based intrusion detection for Building Automation and Control networks. In Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA (Vol. 2015-March, pp. 72-77). [7073181] IEEE Computer Society. https://doi.org/10.1109/AICCSA.2014.7073181

@inproceedings{29fa4c6c02744af49e9cf602df512a0f,
title = "Anomaly based intrusion detection for Building Automation and Control networks",
abstract = "Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.",
keywords = "anomaly detection, BACnet, Data mining, SCADA",
author = "Zhiwen Pan and Hariri, {Salim A} and Youssif Al-Nashif",
year = "2015",
month = "3",
day = "30",
doi = "10.1109/AICCSA.2014.7073181",
language = "English (US)",
isbn = "9781479971008",
volume = "2015-March",
pages = "72--77",
booktitle = "Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA",
publisher = "IEEE Computer Society",

}

TY - GEN
T1 - Anomaly based intrusion detection for Building Automation and Control networks
AU - Pan, Zhiwen
AU - Hariri, Salim A
AU - Al-Nashif, Youssif
PY - 2015/3/30
Y1 - 2015/3/30
N2 - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.
AB - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.
KW - anomaly detection
KW - BACnet
KW - Data mining
KW - SCADA
UR - http://www.scopus.com/inward/record.url?scp=84940859071&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84940859071&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2014.7073181
DO - 10.1109/AICCSA.2014.7073181
M3 - Conference contribution
AN - SCOPUS:84940859071
SN - 9781479971008
VL - 2015-March
SP - 72
EP - 77
BT - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
PB - IEEE Computer Society
ER -