2019 | Original Paper | Book chapter

Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks

Authors: Davide Fauri, Michail Kapsalakis, Daniel Ricardo dos Santos, Elisa Costante, Jerry den Hartog, Sandro Etalle

Published in: Detection of Intrusions and Malware, and Vulnerability Assessment

Publisher: Springer International Publishing

Abstract

In smart buildings, cyber-physical components (e.g., controllers, sensors, and actuators) communicate with each other using network protocols such as BACnet. Many of these devices are now connected to the Internet, enabling attackers to exploit vulnerabilities in protocols and devices to attack buildings. Situational awareness and intrusion detection are thus critical to provide operators with a clear and dynamic picture of their network, and to allow them to react to threats and attacks. Because smart buildings are relatively dynamic and heterogeneous environments, situational awareness further needs to adapt rapidly to the appearance of new devices, and to provide enough context and information to understand a device's behavior. In this paper, we propose a novel approach to situational awareness that combines learning with knowledge of the possible roles of devices. Specifically, we introduce a role-based situational awareness and intrusion detection system to monitor BACnet building automation networks. The system discovers devices, classifies them according to functional roles, and detects deviations from the assigned roles. To validate our approach, we use a simulated dataset generated from a BACnet testbed, as well as a real-world dataset coming from the building network of a Dutch university.
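One way to make the role-then-deviation idea of the abstract concrete, as an added example that is not code from the paper: each observed BACnet device is assigned the most specific role whose expected request set covers what it issued during a learning window, and during monitoring any request outside that set, or from a never-seen sender, raises an alert. The role profiles, device names and traffic summaries below are constructed assumptions, not the paper's role model or datasets.

```python
from collections import defaultdict

# Assumed role profiles: the BACnet request services a role is expected to ISSUE.
# Illustrative only; a real deployment derives these from the site's device roles.
ROLE_PROFILES = {
    "field-device": {"iAm", "unconfirmedCOVNotification"},
    "controller": {"iAm", "unconfirmedCOVNotification", "readProperty", "writeProperty"},
    "workstation": {"whoIs", "readProperty", "writeProperty", "subscribeCOV"},
}

# Constructed traffic summaries: (sender, receiver, request service).
LEARNING = [
    ("ws-1", "broadcast", "whoIs"),
    ("ctrl-7", "broadcast", "iAm"),
    ("sensor-12", "broadcast", "iAm"),
    ("ws-1", "ctrl-7", "readProperty"),
    ("ws-1", "ctrl-7", "writeProperty"),
    ("ctrl-7", "sensor-12", "readProperty"),
    ("sensor-12", "ctrl-7", "unconfirmedCOVNotification"),
]
MONITORING = [
    ("ws-1", "ctrl-7", "readProperty"),         # consistent with its role
    ("sensor-12", "ctrl-7", "writeProperty"),   # a field device starts writing
    ("laptop-x", "broadcast", "whoIs"),         # sender never seen while learning
]

def issued_services(messages):
    """Map each sender to the set of request services it issued."""
    issued = defaultdict(set)
    for src, _dst, service in messages:
        issued[src].add(service)
    return issued

def infer_roles(messages):
    """Pick the smallest role profile that covers everything a device issued."""
    roles = {}
    for dev, services in issued_services(messages).items():
        fits = [r for r, p in ROLE_PROFILES.items() if services <= p]
        roles[dev] = min(fits, key=lambda r: len(ROLE_PROFILES[r])) if fits else "unknown"
    return roles

def detect_deviations(roles, messages):
    """Alert on unknown senders and on requests outside the sender's role profile."""
    alerts = []
    for src, dst, service in messages:
        role = roles.get(src)
        if role is None:
            alerts.append((src, f"unknown device issued {service}"))
        elif role != "unknown" and service not in ROLE_PROFILES[role]:
            alerts.append((src, f"{role} issued {service} to {dst}"))
    return alerts
```

Devices that fit no profile are kept as "unknown" and left for operator review rather than silently matched to the closest role.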

Metadata

Copyright year: 2019

DOI: https://doi.org/10.1007/978-3-030-22038-9_22