Context aware intrusion detection for building automation systems

Zhiwen Pan, Salim Hariri, Jesus Pacheco

Research output: Contribution to journal (Article)

1 Citation (Scopus)

Abstract

The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.

Original language: English
Pages (from-to): 181-201
Number of pages: 21
Journal: Computers and Security
Volume: 85
DOI: 10.1016/j.cose.2019.04.011
Status: Published - 1 Aug 2019
Externally published

Fingerprint

Intrusion detection
automation
Automation
Internet
Intelligent buildings
Network protocols
behavior analysis
Launching
interconnection
Testbeds
communication system
Mobile devices
aircraft
functionality
Automobiles
motor vehicle
Data structures
building
assets
vulnerability

Cite this

@article{d13a89aa31d24f19844edd278582c03e,
title = "Context aware intrusion detection for building automation systems",
abstract = "The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.",
keywords = "Context awareness, Data mining, Internet of Things, Intrusion detection, Network security, Supervised learning",
author = "Zhiwen Pan and Salim Hariri and Jesus Pacheco",
year = "2019",
month = "8",
day = "1",
doi = "10.1016/j.cose.2019.04.011",
language = "Ingl{\'e}s",
volume = "85",
pages = "181--201",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Ltd",

}

Context aware intrusion detection for building automation systems. / Pan, Zhiwen; Hariri, Salim; Pacheco, Jesus.

In: Computers and Security, Vol. 85, 01.08.2019, p. 181-201.

TY - JOUR

T1 - Context aware intrusion detection for building automation systems

AU - Pan, Zhiwen

AU - Hariri, Salim

AU - Pacheco, Jesus

PY - 2019/8/1

Y1 - 2019/8/1

N2 - The Internet of Things (IoT) will connect not only computers and mobile devices, but also smart cities, buildings, and homes, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. IoT will lead to extensive interconnection between Building Automation Systems (BAS) communication protocols and the Internet. The connection to Internet and public networks increases significantly the risk of the BAS networks being attacked, since there's a significant lack of detection and defensive mechanisms for BAS networks. In this paper, we present a framework for a context-aware intrusion detection of a widely deployed Building Automation and Control network. We developed runtime models for service interactions and functionality patterns by modeling the heterogeneous information that is continuously acquired from building assets into a novel BAS context aware data structure. Our IDS performs anomaly based behavior analysis to accurately detect anomalous events triggered by cyber-attacks or any functional failure. An attack classification and severity analysis of detected attacks allow our IDS to automatically launch protective countermeasures. We evaluate our approach in the Smart Building testbed developed at the University of Arizona Center for Cloud and Autonomic Computing, by launching several cyber-attacks that exploit the generic vulnerabilities of BACnet protocol.

KW - Context awareness

KW - Data mining

KW - Internet of Things

KW - Intrusion detection

KW - Network security

KW - Supervised learning

UR - http://www.scopus.com/inward/record.url?scp=85065725329&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2019.04.011

DO - 10.1016/j.cose.2019.04.011

M3 - Artículo

AN - SCOPUS:85065725329

VL - 85

SP - 181

EP - 201

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -