Context aware intrusion detection for building automation systems

Zhiwen Pan, Salim A Hariri, Jesus Pacheco

Research output: Contribution to journal (Article)

1 Citation (Scopus)

Abstract

The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.

Original language: English (US)
Pages (from-to): 181-201
Number of pages: 21
Journal: Computers and Security
Volume: 85
DOI: 10.1016/j.cose.2019.04.011
State: Published - Aug 1 2019

Keywords

  • Context awareness
  • Data mining
  • Internet of Things
  • Intrusion detection
  • Network security
  • Supervised learning

ASJC Scopus subject areas

  • Computer Science (all)
  • Law

Cite this

Context aware intrusion detection for building automation systems. / Pan, Zhiwen; Hariri, Salim A; Pacheco, Jesus.

In: Computers and Security, Vol. 85, 01.08.2019, p. 181-201.

@article{945c3f5f9328434db9d67d7d39c601e3,
title = "Context aware intrusion detection for building automation systems",
abstract = "The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.",
keywords = "Context awareness, Data mining, Internet of Things, Intrusion detection, Network security, Supervised learning",
author = "Zhiwen Pan and Hariri, {Salim A} and Jesus Pacheco",
year = "2019",
month = "8",
day = "1",
doi = "10.1016/j.cose.2019.04.011",
language = "English (US)",
volume = "85",
pages = "181--201",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
}

TY - JOUR

T1 - Context aware intrusion detection for building automation systems

AU - Pan, Zhiwen

AU - Hariri, Salim A

AU - Pacheco, Jesus

PY - 2019/8/1

Y1 - 2019/8/1

AB - The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.

KW - Context awareness

KW - Data mining

KW - Internet of Things

KW - Intrusion detection

KW - Network security

KW - Supervised learning

UR - http://www.scopus.com/inward/record.url?scp=85065725329&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065725329&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2019.04.011

DO - 10.1016/j.cose.2019.04.011

M3 - Article

AN - SCOPUS:85065725329

VL - 85

SP - 181

EP - 201

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -