Anomaly based intrusion detection for Building Automation and Control networks

Zhiwen Pan, Salim Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

23 Scopus citations

Abstract

Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and the Internet. The connection to the Internet and public networks massively elevates the risk of BAC networks being attacked. In this paper, we present a framework for rule-based anomaly detection in Building Automation and Control networks. We develop an anomaly-based intrusion detection system for the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.

Original language: English (US)
Title of host publication: 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications, AICCSA 2014
Publisher: IEEE Computer Society
Pages: 72-77
Number of pages: 6
ISBN (Electronic): 9781479971008
State: Published - 2014
Event: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014 - Doha, Qatar
Duration: Nov 10 2014 to Nov 13 2014

Publication series

Name: Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
Volume: 2014
ISSN (Print): 2161-5322
ISSN (Electronic): 2161-5330

Other

Other: 2014 11th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2014
Country/Territory: Qatar
City: Doha
Period: 11/10/14 to 11/13/14

Keywords

  • BACnet
  • Data mining
  • SCADA
  • anomaly detection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering
