Leveraging semantics for actionable intrusion detection in building automation systems

Davide Fauri, Michail Kapsalakis, Daniel Ricardo dos Santos, Elisa Costante, Jerry den Hartog, Sandro Etalle

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

2 Citations (Scopus)
2 Downloads (Pure)

Abstract

In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.

Original language: English
Title of host publication: Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers
Editors: Eric Luiijf, Inga Žutautaitė, Bernhard M. Hämmerli
Publisher: Springer
Pages: 113-125
Number of pages: 13
ISBN (Print): 9783030058487
DOIs: https://doi.org/10.1007/978-3-030-05849-4_9
Publication status: Published - 1 Jan 2019
Event: 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018 - Kaunas, Lithuania
Duration: 24 Sep 2018 to 26 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11260 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018
Country: Lithuania
City: Kaunas
Period: 24/09/18 to 26/09/18

Cite this

Fauri, D., Kapsalakis, M., dos Santos, D. R., Costante, E., den Hartog, J., & Etalle, S. (2019). Leveraging semantics for actionable intrusion detection in building automation systems. In E. Luiijf, I. Žutautaitė, & B. M. Hämmerli (Eds.), Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers (pp. 113-125). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11260 LNCS). Springer. https://doi.org/10.1007/978-3-030-05849-4_9