基于异常的楼宇自控网络入侵检测

2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA) Pub Date : 2014-11-01 DOI:10.1109/AICCSA.2014.7073181

Zhiwen Pan, S. Hariri, Y. Al-Nashif

{"title":"基于异常的楼宇自控网络入侵检测","authors":"Zhiwen Pan, S. Hariri, Y. Al-Nashif","doi":"10.1109/AICCSA.2014.7073181","DOIUrl":null,"url":null,"abstract":"Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.","PeriodicalId":412749,"journal":{"name":"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"Anomaly based intrusion detection for Building Automation and Control networks\",\"authors\":\"Zhiwen Pan, S. Hariri, Y. Al-Nashif\",\"doi\":\"10.1109/AICCSA.2014.7073181\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.\",\"PeriodicalId\":412749,\"journal\":{\"name\":\"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)\",\"volume\":\"51 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AICCSA.2014.7073181\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AICCSA.2014.7073181","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

摘要

先进的网络技术和日益增长的信息服务使得楼宇自动化与控制(BAC)网络与互联网之间的广泛互连。与互联网和公共网络的连接极大地提高了BAC网络被攻击的风险。本文提出了一种基于规则的楼宇自控网络异常检测框架。利用BACnet协议监控模块，利用火灾报警系统测试平台动态捕获的数据流对系统进行训练，开发了一个基于异常的楼宇网络入侵检测系统。从离线数据挖掘过程中获得的规则可以以极低的误报率检测出针对BACnet协议的攻击。我们通过发起几个利用BACnet协议通用漏洞的攻击来评估我们的方法。最后介绍了检测到的攻击的分类。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Anomaly based intrusion detection for Building Automation and Control networks

Advanced networking technology and increasing information services have led to extensive interconnection between Building Automation and Control (BAC) networks and Internet. The connection to Internet and public networks massively elevates the risk of the BAC networks being attacked. In this paper, we present a framework for a rule based anomaly detection of Building Automation and Control networks. We develop an anomaly based intrusion detection system to the building network by training the system with dataflows that are dynamically captured from the Fire Alarm System testbed using the BACnet Protocol Monitoring module. The rules acquired from the offline data mining procedure can detect attacks against the BACnet protocol with an extremely low false positive rate. We evaluate our approach by launching several attacks that exploit the generic vulnerabilities of the BACnet Protocol. A classification of detected attacks is introduced at the end.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)

自引率

0.00%

发文量