TY - GEN
T1 - Anomaly behavior analysis for building automation systems
AU - Pan, Zhiwen
AU - Pacheco, Jesus
AU - Hariri, Salim
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/2
Y1 - 2016/7/2
N2 - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.
AB - Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.
KW - Anomaly Behavior Analysis
KW - Building Automation System
KW - Fog computing
KW - Internet of Things
KW - Intrusion Detection System
UR - http://www.scopus.com/inward/record.url?scp=85021938367&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85021938367&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2016.7945692
DO - 10.1109/AICCSA.2016.7945692
M3 - Conference contribution
AN - SCOPUS:85021938367
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings
PB - IEEE Computer Society
T2 - 13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016
Y2 - 29 November 2016 through 2 December 2016
ER -