The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.