Automatic deployment of specification-based intrusion detection in the BACnet Protocol

Esquivel-Vargas, Herson (2016) Automatic deployment of specification-based intrusion detection in the BACnet Protocol.

Abstract: Specification-based intrusion detection has high detection rates and low false-positive rates. Its main drawback is that the creation of specifications (rules) often requires human intervention. We present a data-mining approach that reads documents and automatically extracts rules from them. Specifically, we work in the field of Building Automation Systems (BAS) using the BACnet protocol (ISO 16484-5). The input documents are provided by manufacturers of BACnet devices. These documents state the capabilities of every device; therefore, the extracted rules represent the expected behavior of the devices. In our experiments, the proposed algorithm creates rules with 94.5% concordance with the documents, on average. We tested our automatically generated rules in a real BACnet network. Non-standard undocumented capabilities were detected for three kinds of devices during the evaluation period.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: http://purl.utwente.nl/essays/71040