Please use this identifier to cite or link to this item:
Title: A Network Intrusion Detection System for Building Automation and Control Systems
Authors: Graveto, Vitor 
Cruz, Tiago 
Simões, Paulo 
Keywords: Home automation; building automation and control systems; BACS; NIDS; smart buildings; security; safety; KNX
Issue Date: 2023
Publisher: IEEE
Project: This work was supported in part by the Fundo Europeu de Desenvolvimento Regional (FEDER)-Competitiveness and Internationalization Operational Program (COMPETE 2020), Portugal 2020 Framework, in the scope of the Smart5Grid Project, under Grant POCI-01-0247- FEDER-047226; and in part by the FCT–Foundation for Science and Technology, Instituto Público (I.P.)/MCTES through National Funds [Programa de Investimentos e Despesas de Desenvolvimento da Administração Central (PIDDAC)], within the scope of Centre for Informatics and Systems of the University of Coimbra (CISUC) Research and Development Unit, under Grant UIDB/00326/2020 and Project UIDP/00326/2020. 
Serial title, monograph or event: IEEE Access
Volume: 11
Abstract: Building Automation and Control Systems (BACS) are traditionally based on specialized communications protocols, such as KNX or BACnet, and dedicated sensing and actuating devices. Despite the increased awareness about the security risks associated with BACS, there is a lack of security tools for protecting this special breed of cyber-physical systems. This is further aggravated by the fact that general-purpose security tools are typically not able to cope with the specific requirements and technologies associated with BACS, making it necessary to devise domain-specific approaches – as shown, for instance, by the KNX Secure initiative led by the KNX Association. Nevertheless, despite the advances brought by KNX Secure and similar initiatives, there is still a considerable gap between the security needs of BACS and the solutions available. In this paper, we address this gap by proposing a Network Intrusion Detection System (NIDS) specifically designed for BACS. This NIDS is protocol-agnostic and can potentially support different BACS protocols and technologies, such as KNX, BACnet, Modbus or mixed ecosystems, without loss of generality.We also present a specific proof-of-concept implementation of this NIDS concept for KNX – one of the more widespread BACS protocols. To this purpose, a real-world KNX deployment was used to showcase and evaluate the proposed approach.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2023.3238874
Rights: openAccess
Appears in Collections:I&D CISUC - Artigos em Revistas Internacionais
FCTUC Eng.Informática - Artigos em Revistas Internacionais

Files in This Item:
Show full item record

Google ScholarTM




This item is licensed under a Creative Commons License Creative Commons