Anomaly behavior analysis for building automation systems

Zhiwen Pan, Jesus Pacheco, Salim Hariri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations


Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation Systems (BAS) communication protocols and Internet, which makes Fog computing service a potential solution for automation of building end devices. However, the connection to Internet and public networks increases significantly the risk of the BAS networks being attacked due mainly to the significant increase in the attack surface. In this paper, we present an anomaly based Intrusion Detection System (IDS) that combines context awareness and Cyber DNA techniques to detect network misbehavior from security and functionality perspectives. We developed runtime models for service interactions and functionality patterns by modeling the information that is continuously acquired from building assets into two novel data structures: Protocol Context Aware and sensor-DNA. Our IDS uses Anomaly Behavior Analysis techniques to accurately detect anomalous events triggered by cyber-attacks or any failure. A classification of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BAS.

Original languageEnglish (US)
Title of host publication2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings
PublisherIEEE Computer Society
ISBN (Electronic)9781509043200
StatePublished - Jul 2 2016
Event13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016 - Agadir, Morocco
Duration: Nov 29 2016Dec 2 2016

Publication series

NameProceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
ISSN (Print)2161-5322
ISSN (Electronic)2161-5330


Other13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016


  • Anomaly Behavior Analysis
  • Building Automation System
  • Fog computing
  • Internet of Things
  • Intrusion Detection System

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering


Dive into the research topics of 'Anomaly behavior analysis for building automation systems'. Together they form a unique fingerprint.

Cite this