University of Twente Student Theses
Automatic deployment of specification-based intrusion detection in the BACnet Protocol
Esquivel-Vargas, Herson (2016) Automatic deployment of specification-based intrusion detection in the BACnet Protocol.
Abstract: | Specification-based intrusion detection has high detection rates and low false-positive rates. Its main drawback is that the creation of specifications (rules) often requires human intervention. We present a data-mining approach that reads documents and automatically extracts rules from them. Specifically, we work in the field of Building Automation Systems (BAS) using the BACnet protocol (ISO 16484-5). The input documents are provided by manufacturers of BACnet devices. These documents state the capabilities of every device; therefore, the extracted rules represent the expected behavior of the devices. In our experiments, the proposed algorithm creates rules with 94.5% concordance with the documents, on average. We tested our automatically generated rules in a real BACnet network. Non-standard undocumented capabilities were detected for three kinds of devices during the evaluation period. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/71040 |