Meeting of the European Network of Universities and Companies in Information and Communication Engineering

EUNICE 2012: Information and Communication Technologies pp 64–75

Flow-Based Security Issue Detection in Building Automation and Control Networks

  • Pavel Čeleda,
  • Radek Krejčí &
  • Vojtěch Krmíček
Part of the Lecture Notes in Computer Science book series (LNISA, volume 7479)

Abstract

The interconnection of building automation and control system networks to public networks has exposed them to a wide range of security problems. This paper provides an overview of the usability of flow data for detecting security issues in these networks. Flow-based monitoring inside automation and control networks is a novel approach. In this paper, we describe several use cases in which flow monitoring provides information on network activities in building automation and control systems. We demonstrate the detection of Telnet brute-force attacks, access control validation, and targeted attacks on a building automation system network.

Keywords

  • network
  • security
  • attack
  • intrusion detection
  • entropy
  • flow
  • BACnetFlow
  • BACnet
  • building
  • automation

Author information

Authors and Affiliations

  1. Institute of Computer Science, Masaryk University, Botanická 68a, 602 00, Brno, Czech Republic

    Pavel Čeleda & Vojtěch Krmíček

  2. CESNET, z.s.p.o., Zikova 4, 160 00, Prague, Czech Republic

    Radek Krejčí

Editor information

Editors and Affiliations

  1. Department of Telecommunications and Media Informatics, Budapest University of Technology and Economics, Magyar Tudósok krt.2, 1117, Budapest, Hungary

    Róbert Szabó & Attila Vidács

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Čeleda, P., Krejčí, R., Krmíček, V. (2012). Flow-Based Security Issue Detection in Building Automation and Control Networks. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_7

  • DOI: https://doi.org/10.1007/978-3-642-32808-4_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32807-7

  • Online ISBN: 978-3-642-32808-4

  • eBook Packages: Computer Science, Computer Science (R0)
