Title:  Network Traffic Characterization and Intrusion Detection in Building Automation Systems

Committee: 

Dr. Beyah, Advisor        

Dr. Copeland, Chair

Dr. Shelden

Abstract:

The objective of the proposed research is to study BAS network traffic and use domain knowledge to create building device models for detecting abnormal behavior, faults, and attacks on building automation networks (BANs) as well as leverage building automation device documentation and building information modeling (BIM) level of development (LOD) 350 and above specifications to develop robust network security rules for BAS intrusion detection systems (IDS). This will be achieved in three phases, first by performing a detailed characterization of a real world BAN and applying ML on building sensor data at the field level to deduce normal building behavior for modeling. Next, through the systematization of literature in the BAS security domain to analyze cross protocol device vulnerabilities, attacks, and defenses for proposing a security evaluation framework to analyze BAS devices, followed by an investigation of the security posture of 15 BAS devices using the proposed methodology. Finally, with the extraction of device details from BAS device documentation and BIM specifications to learn expected device network behaviors and automatically generate IDS rules which enforce them.