TY - GEN
T1 - Anomaly Behavior Analysis System for ZigBee in smart buildings
AU - Al Baalbaki, Bilal
AU - Pacheco, Jesus
AU - Tunc, Cihan
AU - Hariri, Salim
AU - Al-Nashif, Youssif
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2016/7/7
Y1 - 2016/7/7
AB - Smart Building (SB) exploits advances in information and communication technologies in order to provide the next generation of information and automation services that will significantly reduce operational costs and improve performance and efficiency. SB elements are typically interconnected using short range wireless communication technologies such as ZigBee, which is the most used wireless communication protocol for SBs. However, ZigBee protocol has multiple vulnerabilities that can be exploited by cyberattacks. In this paper, we present an Anomaly Behavior Analysis System (ABAS) for ZigBee protocol to be used in SBs. Our ABAS can detect both known and unknown ZigBee attacks with a high detection rate and low false alarms. Additionally, after detection, our system classifies the attack based on the impact, origin, and destination. We evaluate our approach by launching many attack scenarios such as DoS, Flooding, and Pulse DoS attacks, and then we compare our results with other intrusion detection systems such as secure HAN, signature IDS, and specification IDS.
KW - Behavior Analysis
KW - Cyber Security
KW - Intrusion Detection System
KW - Smart Building
KW - ZigBee
UR - http://www.scopus.com/inward/record.url?scp=84980361799&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84980361799&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2015.7507187
DO - 10.1109/AICCSA.2015.7507187
M3 - Conference contribution
AN - SCOPUS:84980361799
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications, AICCSA 2015
PB - IEEE Computer Society
T2 - 12th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2015
Y2 - 17 November 2015 through 20 November 2015
ER -