NETWORK TRAFFIC CHARACTERIZATION AND INTRUSION DETECTION IN BUILDING AUTOMATION SYSTEMS

The goal of this research was threefold: (1) to learn the operational trends and behaviors of a realworld building automation system (BAS) network for creating building device models to detect anomalous behaviors and attacks, (2) to design a framework for evaluating BA device security from both the device and network perspectives, and (3) to leverage new sources of building automation device documentation for developing robust network security rules for BAS intrusion detection systems (IDSs). These goals were achieved in three phases, first through the detailed longitudinal study and characterization of a real university campus building automation network (BAN) and with the application of machine learning techniques on field level traffic for anomaly detection. Next, through the systematization of literature in the BAS security domain to analyze cross protocol device vulnerabilities, attacks, and defenses for uncovering research gaps as the foundational basis of our proposed BA device security evaluation framework. Then, to evaluate our proposed framework the largest multiprotocol BAS testbed discussed in the literature was built and several side-channel vulnerabilities and software/firmware shortcomings were exposed. Finally, through the development of a semi-automated specification gathering, device documentation extracting, IDS rule generating framework that leveraged PICS files and BIM models.Ph.D

B-SMART: A Reference Architecture for Artificially Intelligent Autonomic Smart Buildings

The pervasive application of artificial intelligence and machine learning algorithms is transforming many industries and aspects of the human experience. One very important industry trend is the move to convert existing human dwellings to smart buildings, and to create new smart buildings. Smart buildings aim to mitigate climate change by reducing energy consumption and associated carbon emissions. To accomplish this, they leverage artificial intelligence, big data, and machine learning algorithms to learn and optimize system performance. These fields of research are currently very rapidly evolving and advancing, but there has been very little guidance to help engineers and architects working on smart buildings apply artificial intelligence algorithms and technologies in a systematic and effective manner. In this paper we present B-SMART: the first reference architecture for autonomic smart buildings. B-SMART facilitates the application of artificial intelligence techniques and technologies to smart buildings by decoupling conceptually distinct layers of functionality and organizing them into an autonomic control loop. We also present a case study illustrating how B-SMART can be applied to accelerate the introduction of artificial intelligence into an existing smart building

Implementation of APIs in Building Automation Systems

This Bachelor’s thesis was commissioned by ATN Automation in Vaasa, Finland. The thesis comprises instructions and a script program for retrieving and implementing weather data from APIs, supporting XML documents, in building automation system. The script can easily be programmed to retrieve various weather data information from the past, the real-time weather and future forecasts. The software that is used for this is Schneider Electrics StruxureWare Building Operation Workstation. The purpose with the thesis is to create a Real World Input for implementing information from the Internet to building automation system. The main fields of information the company wanted me to research in was information concerning weather data and power consumption. The real world information should then be available, e.g. in a table, for employees to use for programming. The result is a script program that easily can be improved and further developed to retrieve more information from similar and other sources. The script was merged into SBO on the company’s local server and a table of real-world inputs is available for use in building automation system programming.Detta examensarbete var gjort åt ATN Automation i Vasa, Finland. Examensarbetet omfattar instruktioner och ett skriptprogram för att hämta och implementera väderdata från API:er, som stöder XML dokument, i fastighetsautomationssystem. Programmet kan lätt omprogrammeras till att hämta olika sorters information om väderdata som har varit, i realtid och framtida väderprognoser. Mjukvaran jag har använt mig av är StruxureWare Building Operation Workstation av Schneider Electric. Syftet med detta examensarbete var att skapa en Real World Input för implementering av information från Internet i fastighetsautomationssystem. De områden som företaget ville att jag skulle forska i var information beträffande väderdata, och elpriser och energiförbrukning. Real World informationen skall sedan vara tillgängliga, t.ex. i en tabell, för de anställda att använda i sin programmering. Resultatet är ett skriptprogram som enkelt kan användas, förbättras och vidareutvecklas för att hämta mera information från liknande eller andra källor. Programmet implementerades i SBO mjukvaran i företagets lokala server och en tabell bestående av de i detta skede tillgängliga real world data finns nu att användas i programmeringen för automationssystem.Tämä opinnäytetyö on tehty ATN Automaatiolle, joka sijaitsee Vaasassa. Opinnäytetyö sisältää käyttöohjeet ja script ohjelman, jolla on haettu ja toteutettu säätietoja API:stä, jotka tukevat XML dokumentteja, kiinteistöautomaatiohjelmoinnissa. Ohjelma voidaan helposti ohjelmoida uudestaan saadakseen erilaisia tietoja: historiallisia säätietoja, reaaliaikaisia säätietoja sekä tulevaisuuden ennusteita. Ohjelmistona olen käyttänyt StruxureWare Building Operation Workstationia, joka on Schneider Electricin tekemä. Opinnäytetyön tarkoituksena oli muodostaa Real World Input Internet tietojen toteutusta varten kiinteistöautomaatiojärjestelmässä. Säädata, sähköhinnat ja energiankulutus olivat tutkimuksen aiheena. Real World informaation pitää olla työntekijälle saatavilla ohjelmoinnissa, esim. taulukoiden muodossa. Tulos on script ohjelma, jota voi helposti käyttää, parantaa ja jatkuvasti kehittää, jotta saataisiin lisää informaatiota vastaavanlaisista lähteistä. Ohjelma toteutettiin SBO ohjelmistossa yrityksen paikallisilla servereillä. Lisäksi laadittiin taulukko, jossa historialliset, nykyaikaiset sekä ennustetut arvot näkyvät

Anomaly Detection in BACnet/IP managed Building Automation Systems

Building Automation Systems (BAS) are a collection of devices and software which manage the operation of building services. The BAS market is expected to be a $19.25 billion USD industry by 2023, as a core feature of both the Internet of Things and Smart City technologies. However, securing these systems from cyber security threats is an emerging research area. Since initial deployment, BAS have evolved from isolated standalone networks to heterogeneous, interconnected networks allowing external connectivity through the Internet. The most prominent BAS protocol is BACnet/IP, which is estimated to hold 54.6% of world market share. BACnet/IP security features are often not implemented in BAS deployments, leaving systems unprotected against known network threats. This research investigated methods of detecting anomalous network traffic in BACnet/IP managed BAS in an effort to combat threats posed to these systems. This research explored the threats facing BACnet/IP devices, through analysis of Internet accessible BACnet devices, vendor-defined device specifications, investigation of the BACnet specification, and known network attacks identified in the surrounding literature. The collected data were used to construct a threat matrix, which was applied to models of BACnet devices to evaluate potential exposure. Further, two potential unknown vulnerabilities were identified and explored using state modelling and device simulation. A simulation environment and attack framework were constructed to generate both normal and malicious network traffic to explore the application of machine learning algorithms to identify both known and unknown network anomalies. To identify network patterns between the generated normal and malicious network traffic, unsupervised clustering, graph analysis with an unsupervised community detection algorithm, and time series analysis were used. The explored methods identified distinguishable network patterns for frequency-based known network attacks when compared to normal network traffic. However, as stand-alone methods for anomaly detection, these methods were found insufficient. Subsequently, Artificial Neural Networks and Hidden Markov Models were explored and found capable of detecting known network attacks. Further, Hidden Markov Models were also capable of detecting unknown network attacks in the generated datasets. The classification accuracy of the Hidden Markov Models was evaluated using the Matthews Correlation Coefficient which accounts for imbalanced class sizes and assess both positive and negative classification ability for deriving its metric. The Hidden Markov Models were found capable of repeatedly detecting both known and unknown BACnet/IP attacks with True Positive Rates greater than 0.99 and Matthews Correlation Coefficients greater than 0.8 for five of six evaluated hosts. This research identified and evaluated a range of methods capable of identifying anomalies in simulated BACnet/IP network traffic. Further, this research found that Hidden Markov Models were accurate at classifying both known and unknown attacks in the evaluated BACnet/IP managed BAS network

Operational Effectiveness in Use fo BAS

The effectiveness of BAS in controlling building systems is seen to reside in conjoint man machine function. In an emerging industry paradigm, data is extracted from the BAS and used for analytics that inform enhanced operations. This processing may include a mash up with data from other sources, such as energy meters. KPI metrics and Building ReTuning, an on going commissioning process, are suggested as important ways to guide operators in training and subsequent understanding and use of data intensive tools. Short case studies of work in progress on two CUNY campuses are provided

An Information Exchange Framework For BIM, BAS, And IoT Data Using Semantic Web Technologies

With digital technologies like Building Information Modeling (BIM), Internet of Things (IoT), and Building Automation System (BAS), an increasing amount of data is being created. Data silos in Architecture Engineering and Construction (AEC) industry emerged. The isolation between BIM-based building contextual information, IoT devices’ time-series data, and BAS metadata still exist. This research aims to develop a framework to facilitate information exchange between BIM-based building contextual data, IoT devices’ time-series data, and BAS metadata using Semantic Web technology. This research: i) conducts a comprehensive literature review on BIM and IoT integration based on domains of application and integration methods to summarized an optimal current approach; ii) proposes a framework which enables information exchange among semantically described building contextual data, BAS metadata, and time-series data; iii) the proposed framework uses BOT and BRICK schema to describe building contextual data and BAS metadata; iv) creates an MVD for BIM assisted BAS design and information exchange using BACnet and IFC use case; v) validates the framework with the use case and data from Georgia Tech campus buildings.Ph.D