Leveraging semantics for actionable intrusion detection in building automation systems

Davide Fauri, Michail Kapsalakis, Daniel Ricardo dos Santos, Elisa Costante, Jerry den Hartog, Sandro Etalle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)
2 Downloads (Pure)

Abstract

In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.

Original language: English
Title: Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers
Editors: Eric Luiijf, Inga Žutautaitė, Bernhard M. Hämmerli
Publisher: Springer
Pages: 113-125
Number of pages: 13
ISBN (print): 9783030058487
DOIs: https://doi.org/10.1007/978-3-030-05849-4_9
Status: Published - 1 Jan 2019
Event: 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018 - Kaunas, Lithuania
Duration: 24 Sep 2018 to 26 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11260 LNCS
ISSN (print): 0302-9743
ISSN (electronic): 1611-3349

Conference

Conference: 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018
Country: Lithuania
City: Kaunas
Period: 24/09/18 to 26/09/18

Fingerprint

Intelligent buildings
Intrusion detection
Intrusion Detection
Automation
Semantics
Network protocols
Attack
Network Monitoring
Actuators
Network Protocols
Internet
Vulnerability
Controllers
Anomalous
Monitoring
Actuator
Sensors
Controller
Unknown
Sensor

Cite this

Fauri, D., Kapsalakis, M., dos Santos, D. R., Costante, E., den Hartog, J., & Etalle, S. (2019). Leveraging semantics for actionable intrusion detection in building automation systems. In E. Luiijf, I. Žutautaitė, & B. M. Hämmerli (editors), Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers (pp. 113-125). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11260 LNCS). Springer. https://doi.org/10.1007/978-3-030-05849-4_9
Fauri, Davide ; Kapsalakis, Michail ; dos Santos, Daniel Ricardo ; Costante, Elisa ; den Hartog, Jerry ; Etalle, Sandro. / Leveraging semantics for actionable intrusion detection in building automation systems. Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers. editor / Eric Luiijf ; Inga Žutautaitė ; Bernhard M. Hämmerli. Springer, 2019. pp. 113-125 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{00f01002e65d4c238c8f05d4e962c1f4,
title = "Leveraging semantics for actionable intrusion detection in building automation systems",
abstract = "In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.",
author = "Davide Fauri and Michail Kapsalakis and {dos Santos}, {Daniel Ricardo} and Elisa Costante and {den Hartog}, Jerry and Sandro Etalle",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-05849-4_9",
language = "English",
isbn = "9783030058487",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "113--125",
editor = "Eric Luiijf and Inga Žutautaitė and H{\"a}mmerli, {Bernhard M.}",
booktitle = "Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers",
address = "Germany",

}

Fauri, D, Kapsalakis, M, dos Santos, DR, Costante, E, den Hartog, J & Etalle, S 2019, Leveraging semantics for actionable intrusion detection in building automation systems. in E Luiijf, I Žutautaitė & BM Hämmerli (eds), Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11260 LNCS, Springer, pp. 113-125, 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018, Kaunas, Lithuania, 24/09/18. https://doi.org/10.1007/978-3-030-05849-4_9

Leveraging semantics for actionable intrusion detection in building automation systems. / Fauri, Davide; Kapsalakis, Michail; dos Santos, Daniel Ricardo; Costante, Elisa; den Hartog, Jerry; Etalle, Sandro.

Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers. ed. / Eric Luiijf; Inga Žutautaitė; Bernhard M. Hämmerli. Springer, 2019. pp. 113-125 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11260 LNCS).

TY - GEN

T1 - Leveraging semantics for actionable intrusion detection in building automation systems

AU - Fauri, Davide

AU - Kapsalakis, Michail

AU - dos Santos, Daniel Ricardo

AU - Costante, Elisa

AU - den Hartog, Jerry

AU - Etalle, Sandro

PY - 2019/1/1

Y1 - 2019/1/1

N2 - In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.

AB - In smart buildings, physical components (e.g., controllers, sensors, and actuators) are interconnected and communicate with each other using network protocols such as BACnet. Many smart building networks are now connected to the Internet, enabling attackers to exploit vulnerabilities in critical buildings. Network monitoring is crucial to detect such attacks and allow building operators to react accordingly. In this paper, we propose an intrusion detection system for building automation networks that detects known and unknown attacks, as well as anomalous behavior. It does so by leveraging protocol knowledge and specific BACnet semantics: by using this information, the alerts raised by our system are meaningful and actionable. To validate our approach, we use a real-world dataset coming from the building network of a Dutch university, as well as a simulated dataset generated in our lab facilities.

UR - http://www.scopus.com/inward/record.url?scp=85059933977&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-05849-4_9

DO - 10.1007/978-3-030-05849-4_9

M3 - Conference contribution

AN - SCOPUS:85059933977

SN - 9783030058487

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 113

EP - 125

BT - Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers

A2 - Luiijf, Eric

A2 - Žutautaitė, Inga

A2 - Hämmerli, Bernhard M.

PB - Springer

ER -

Fauri D, Kapsalakis M, dos Santos DR, Costante E, den Hartog J, Etalle S. Leveraging semantics for actionable intrusion detection in building automation systems. In Luiijf E, Žutautaitė I, Hämmerli BM, editors, Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers. Springer. 2019. p. 113-125. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-05849-4_9