TY - GEN
T1 - Role inference + anomaly detection = situational awareness in BACnet networks
AU - Fauri, Davide
AU - Kapsalakis, Michail
AU - dos Santos, Daniel Ricardo
AU - Costante, Elisa
AU - den Hartog, Jerry
AU - Etalle, Sandro
PY - 2019/6/6
Y1 - 2019/6/6
N2 - In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.
UR - http://www.scopus.com/inward/record.url?scp=85067797392&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-22038-9_22
DO - 10.1007/978-3-030-22038-9_22
M3 - Conference contribution
AN - SCOPUS:85067797392
SN - 978-3-030-22037-2
T3 - Lecture Notes in Computer Science
SP - 461
EP - 481
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings
A2 - Maurice, Clémentine
A2 - Giacinto, Giorgio
A2 - Perdisci, Roberto
A2 - Almgren, Magnus
PB - Springer
CY - Cham
T2 - 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019
Y2 - 19 June 2019 through 20 June 2019
ER -