Role inference + anomaly detection = situational awareness in bacnet networks

Davide Fauri, Michail Kapsalakis, Daniel Ricardo dos Santos, Elisa Costante, Jerry den Hartog, Sandro Etalle

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

Uittreksel

In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.

TaalEngels
TitelDetection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings
RedacteurenClémentine Maurice, Giorgio Giacinto, Roberto Perdisci, Magnus Almgren, Roberto Perdisci
Plaats van productieCham
UitgeverijSpringer
Pagina's461-481
Aantal pagina's21
ISBN van elektronische versie978-3-030-22038-9
ISBN van geprinte versie978-3-030-22037-2
DOI's
StatusGepubliceerd - 6 jun 2019
Evenement16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019 - Gothenburg, Zweden
Duur: 19 jun 201920 jun 2019

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11543 LNCS
ISSN van geprinte versie0302-9743
ISSN van elektronische versie1611-3349

Congres

Congres16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019
LandZweden
StadGothenburg
Periode19/06/1920/06/19

Vingerafdruk

Intelligent buildings
Situational Awareness
Anomaly Detection
Intrusion detection
Network protocols
Testbeds
Actuators
Automation
Internet
Intrusion Detection
Controllers
Sensors
Attack
Heterogeneous Environment
Network Protocols
Dynamic Environment
Vulnerability
Leverage
Testbed
Actuator

Citeer dit

Fauri, D., Kapsalakis, M., dos Santos, D. R., Costante, E., den Hartog, J., & Etalle, S. (2019). Role inference + anomaly detection = situational awareness in bacnet networks. In C. Maurice, G. Giacinto, R. Perdisci, M. Almgren, & R. Perdisci (editors), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings (blz. 461-481). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS). Cham: Springer. DOI: 10.1007/978-3-030-22038-9_22
Fauri, Davide ; Kapsalakis, Michail ; dos Santos, Daniel Ricardo ; Costante, Elisa ; den Hartog, Jerry ; Etalle, Sandro. / Role inference + anomaly detection = situational awareness in bacnet networks. Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. redacteur / Clémentine Maurice ; Giorgio Giacinto ; Roberto Perdisci ; Magnus Almgren ; Roberto Perdisci. Cham : Springer, 2019. blz. 461-481 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{9ad24fb424b9487fa20c66e25b519a08,
title = "Role inference + anomaly detection = situational awareness in bacnet networks",
abstract = "In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.",
author = "Davide Fauri and Michail Kapsalakis and {dos Santos}, {Daniel Ricardo} and Elisa Costante and {den Hartog}, Jerry and Sandro Etalle",
year = "2019",
month = "6",
day = "6",
doi = "10.1007/978-3-030-22038-9_22",
language = "English",
isbn = "978-3-030-22037-2",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "461--481",
editor = "Cl{\'e}mentine Maurice and Giorgio Giacinto and Roberto Perdisci and Magnus Almgren and Roberto Perdisci",
booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings",
address = "Germany",

}

Fauri, D, Kapsalakis, M, dos Santos, DR, Costante, E, den Hartog, J & Etalle, S 2019, Role inference + anomaly detection = situational awareness in bacnet networks. in C Maurice, G Giacinto, R Perdisci, M Almgren & R Perdisci (redactie), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11543 LNCS, Springer, Cham, blz. 461-481, Gothenburg, Zweden, 19/06/19. DOI: 10.1007/978-3-030-22038-9_22

Role inference + anomaly detection = situational awareness in bacnet networks. / Fauri, Davide; Kapsalakis, Michail; dos Santos, Daniel Ricardo; Costante, Elisa; den Hartog, Jerry; Etalle, Sandro.

Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. redactie / Clémentine Maurice; Giorgio Giacinto; Roberto Perdisci; Magnus Almgren; Roberto Perdisci. Cham : Springer, 2019. blz. 461-481 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

TY - GEN

T1 - Role inference + anomaly detection = situational awareness in bacnet networks

AU - Fauri,Davide

AU - Kapsalakis,Michail

AU - dos Santos,Daniel Ricardo

AU - Costante,Elisa

AU - den Hartog,Jerry

AU - Etalle,Sandro

PY - 2019/6/6

Y1 - 2019/6/6

N2 - In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.

AB - In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities on protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Due to Smart Buildings being relatively dynamic and heterogeneous environments, situational awareness further needs to rapidly adapt to the appearance of new devices, and to provide enough context and information to understand a device’s behavior. In this paper, we propose a novel approach to situational awareness that leverages a combination of learning and knowledge of possible role devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.

UR - http://www.scopus.com/inward/record.url?scp=85067797392&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-22038-9_22

DO - 10.1007/978-3-030-22038-9_22

M3 - Conference contribution

SN - 978-3-030-22037-2

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 461

EP - 481

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings

PB - Springer

CY - Cham

ER -

Fauri D, Kapsalakis M, dos Santos DR, Costante E, den Hartog J, Etalle S. Role inference + anomaly detection = situational awareness in bacnet networks. In Maurice C, Giacinto G, Perdisci R, Almgren M, Perdisci R, redacteurs, Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Cham: Springer. 2019. blz. 461-481. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Beschikbaar vanaf, DOI: 10.1007/978-3-030-22038-9_22