Anomaly behavior analysis for building automation systems

Zhiwen Pan, Jesus Pacheco, Salim Hariri

Research output: ResearchConference contribution

Abstract

Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.

LanguageEnglish (US)
Title of host publication2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings
PublisherIEEE Computer Society
ISBN (Electronic)9781509043200
DOIs
StatePublished - Jun 9 2017
Event13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016 - Agadir, Morocco
Duration: Nov 29 2016Dec 2 2016

Other

Other13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016
CountryMorocco
CityAgadir
Period11/29/1612/2/16

Fingerprint

Automation
Intrusion detection
DNA
Internet
Network protocols
Intelligent buildings
Launching
Fog
Information services
Testbeds
Data structures
Computer systems
Sensors

Keywords

  • Anomaly Behavior Analysis
  • Building Automation System
  • Fog computing
  • Internet of Things
  • Intrusion Detection System

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Pan, Z., Pacheco, J., & Hariri, S. (2017). Anomaly behavior analysis for building automation systems. In 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings [7945692] IEEE Computer Society. DOI: 10.1109/AICCSA.2016.7945692

Anomaly behavior analysis for building automation systems. / Pan, Zhiwen; Pacheco, Jesus; Hariri, Salim.

2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society, 2017. 7945692.

Research output: ResearchConference contribution

Pan, Z, Pacheco, J & Hariri, S 2017, Anomaly behavior analysis for building automation systems. in 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings., 7945692, IEEE Computer Society, 13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016, Agadir, Morocco, 11/29/16. DOI: 10.1109/AICCSA.2016.7945692
Pan Z, Pacheco J, Hariri S. Anomaly behavior analysis for building automation systems. In 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society. 2017. 7945692. Available from, DOI: 10.1109/AICCSA.2016.7945692
Pan, Zhiwen ; Pacheco, Jesus ; Hariri, Salim. / Anomaly behavior analysis for building automation systems. 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society, 2017.
@inbook{a5cdbc5e347649648923fb9f0ad61616,
title = "Anomaly behavior analysis for building automation systems",
abstract = "Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.",
keywords = "Anomaly Behavior Analysis, Building Automation System, Fog computing, Internet of Things, Intrusion Detection System",
author = "Zhiwen Pan and Jesus Pacheco and Salim Hariri",
year = "2017",
month = "6",
doi = "10.1109/AICCSA.2016.7945692",
booktitle = "2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings",
publisher = "IEEE Computer Society",

}

TY - CHAP

T1 - Anomaly behavior analysis for building automation systems

AU - Pan,Zhiwen

AU - Pacheco,Jesus

AU - Hariri,Salim

PY - 2017/6/9

Y1 - 2017/6/9

N2 - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.

AB - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.

KW - Anomaly Behavior Analysis

KW - Building Automation System

KW - Fog computing

KW - Internet of Things

KW - Intrusion Detection System

UR - http://www.scopus.com/inward/record.url?scp=85021938367&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85021938367&partnerID=8YFLogxK

U2 - 10.1109/AICCSA.2016.7945692

DO - 10.1109/AICCSA.2016.7945692

M3 - Conference contribution

BT - 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings

PB - IEEE Computer Society

ER -