TY - GEN
T1 - Leveraging semantics for actionable intrusion detection in building automation systems
AU - Fauri, Davide
AU - Kapsalakis, Michail
AU - dos Santos, Daniel Ricardo
AU - Costante, Elisa
AU - den Hartog, Jerry
AU - Etalle, Sandro
PY - 2019/1/1
Y1 - 2019/1/1
N2 - In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.
UR - http://www.scopus.com/inward/record.url?scp=85059933977&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-05849-4_9
DO - 10.1007/978-3-030-05849-4_9
M3 - Conference contribution
AN - SCOPUS:85059933977
SN - 9783030058487
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 113
EP - 125
BT - Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers
A2 - Luiijf, Eric
A2 - Žutautaitė, Inga
A2 - Hämmerli, Bernhard M.
PB - Springer
T2 - 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018
Y2 - 24 September 2018 through 26 September 2018
ER -