Flow-Based Security Issue Detection in Building Automation and Control Networks

Authors	ČELEDA Pavel KREJČÍ Radek KRMÍČEK Vojtěch
Year of publication	2012
Type	Article in Proceedings
Conference	Lecture Notes in Computer Science 7479
MU Faculty or unit	Institute of Computer Science
Citation
Doi	https://doi.org/10.1007/978-3-642-32808-4_7
Field	Informatics
Keywords	network; security; attack; intrusion detection; entropy; flow; BACnetFlow; BACnet; building; automation
Attached files	bacnet-security-paper.pdf bacnet-security-presentation.pdf
Description	The interconnection of building automation and control system networks to public networks has exposed them to a wide range of security problems. This paper provides an overview of the flow data usability to detect security issue in these networks. The flow-based monitoring inside automation and control networks is a novel approach. In this paper, we describe several use cases in which flow monitoring provides information on network activities in building automation and control systems. We demonstrate a detection of Telnet brute force attacks, access control validation and targeted attacks on building automation system network.
Related projects:	CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment