Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit P-256, 253-264 (2016).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Detecting anomalies in BACnet network data

Jernej Tonejc , Jaspreet Kaur and Alexandra Kobekova


Over the last few years, the volume of data in the Building Automation System (BAS) networks has increased exponentially. Nowadays, it is possible to obtain several kinds of data from building networks such as data based on individual service type, specific building location and even specific time of the day. As a consequence, large volumes of data with more variables have to be considered when performing the data analysis. This means that there is a need to identify the most important variables for analysis. In this paper, we introduce a framework which allows the characterization of BACnet network traffic data by means of machine learning techniques. This framework is based on unsupervised machine learning methods, specifically, Principal Components Analysis and Clustering. Such methods are used because of the large volume of data that needs to be taken into consideration, preventing the manual labeling of the data which is required for supervised learning methods. We show the efficiency and effectiveness of the framework in detecting anomalies by performing experiments on different BACnet network traffic data, captured by Wireshark, together with synthetically generated data.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-650-3

Last changed 03.06.2016 15:41:47