Anomaly based intrusion detection for Building Automation and Control networks

Zhiwen Pan, Salim A Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.

Original languageEnglish (US)
Title of host publicationProceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
PublisherIEEE Computer Society
Pages72-77
Number of pages6
Volume2015-March
ISBN (Print)9781479971008
DOIs
StatePublished - Mar 30 2015
Event2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014 - Doha, Qatar
Duration: Nov 10 2014Nov 13 2014

Other

Other2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014
CountryQatar
CityDoha
Period11/10/1411/13/14

Keywords

  • anomaly detection
  • BACnet
  • Data mining
  • SCADA

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Anomaly based intrusion detection for Building Automation and Control networks'. Together they form a unique fingerprint.

  • Cite this

    Pan, Z., Hariri, S. A., & Al-Nashif, Y. (2015). Anomaly based intrusion detection for Building Automation and Control networks. In Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA (Vol. 2015-March, pp. 72-77). [7073181] IEEE Computer Society. https://doi.org/10.1109/AICCSA.2014.7073181