Traffic Measurement and Analysis of Building Automation and Control Networks

  • Radek Krejčí
  • Pavel Čeleda
  • Jakub Dobrovolný
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7279)


This paper proposes a framework for a flow-based network traffic monitoring of building automation and control networks. Current approaches to monitor special environment networks are limited to checking accessibility and a state of monitored devices. On the other hand, current generation of flow-based network monitoring tools focuses only on the IP traffic. These tools do not allow to observe special protocols used, for example, in an intelligent building network. We present a novel approach based on processing of flow information from such special environment. To demonstrate capabilities of such approach and to provide characteristics of a large building automation network, we present measurement results from Masaryk University Campus.


BACnet BACnetFlow network measurement analysis building automation control 


  1. 1.
    Security Predictions 2012&2013 – The Emerging Security Threat,
  2. 2.
  3. 3.
    Claise, B.: Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. RFC 5101 (Proposed Standard), IETF (2008),
  4. 4.
    American Society of Heating, Refrigerating and Air-Conditioning Engineers: Standard 135-2010 – BACnet A Data Communication Protocol for Building Automation and Control Networks. ASHRAE (2010)Google Scholar
  5. 5.
    BACnet Website – ASHRAE SSPC 135,
  6. 6.
    The new Masaryk University Campus,
  7. 7.
    Nagios – The Industry Standard In IT Infrastructure Monitoring,
  8. 8.
    Barbosa, R.R.R., Sadre, R., Pras, A.: Difficulties in Modeling SCADA Traffic: A Comparative Analysis. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol. 7192, pp. 126–135. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Novak, T., Treytl, A., Palensky, P.: Common approach to functional safety and system security in building automation and control systems. In: IEEE Conference on Emerging Technologies and Factory Automation, pp. 1141–1148 (2007)Google Scholar
  10. 10.
    Granzer, W., Kastner, W., Neugschwandtner, G., Praus, F.: Security in networked building automation systems. In: IEEE International Workshop on Factory Communication Systems, pp. 283–292 (2006)Google Scholar
  11. 11.
    Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wireless Networks, 189–199 (2001)Google Scholar
  12. 12.
    Honeywell selects Tofino Modbus Read-only Firewall to Secure Critical Safety Systems,
  13. 13.
    INVEA FlowMon Exporter – Community Program,
  14. 14.
    BACnet Monitoring Plugins,
  15. 15.
    How many Packets per Second per port are needed to achieve Wire-Speed?,
  16. 16.
  17. 17.
    IP Flow Information Export (IPFIX) Entities,

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Radek Krejčí
    • 1
  • Pavel Čeleda
    • Jakub Dobrovolný
      1. 1.CESNET, z.s.p.o.PragueCzech Republic

      Personalised recommendations