Abstract
Connecting building automation and control system networks to public networks has exposed them to a wide range of security problems. This paper gives an overview of how flow data can be used to detect security issues in these networks; flow-based monitoring inside automation and control networks is a novel approach. We describe several use cases in which flow monitoring provides information on network activities in building automation and control systems, and we demonstrate the detection of Telnet brute-force attacks, the validation of access control, and the detection of targeted attacks on a building automation system network.
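The following is an added example, not code from the paper, showing the kind of flow-based checks the abstract describes run over NetFlow-style records: a Telnet brute-force detector (many short TCP/23 flows from one source within a time window) and an access-control validator that flags flows to a controller from sources or to services not in a communication policy. The flow record fields, the thresholds, the policy and the sample flows are all assumptions constructed for this illustration; only the port numbers (TCP 23 for Telnet, UDP 47808 for BACnet/IP) are standard.

```python
from collections import defaultdict
from dataclasses import dataclass

BACNET_PORT = 47808  # BACnet/IP default UDP port (0xBAC0)


@dataclass(frozen=True)
class Flow:
    """Minimal NetFlow-like record (field set is an assumption for this example)."""
    start: float   # flow start time in seconds (constructed)
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    packets: int
    octets: int
    flags: str = ""  # TCP flags seen in the flow, NetFlow style


def telnet_bruteforce_sources(flows, window=60.0, min_attempts=20, max_packets=20):
    """Return {src: attempts} for sources with at least `min_attempts` short
    TCP/23 flows inside some `window`-second interval.  A failed Telnet login
    shows up in flow data as its own short connection, so many small flows to
    port 23 from one source in a short time is the brute-force signature;
    a long interactive session (many packets) is left alone."""
    per_src = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and f.dport == 23 and f.packets <= max_packets:
            per_src[f.src].append(f.start)
    hits = {}
    for src, times in per_src.items():
        times.sort()
        lo, best = 0, 0
        for hi in range(len(times)):          # sliding window over start times
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_attempts:
            hits[src] = best
    return hits


def access_violations(flows, policy):
    """policy maps (dst, proto, dport) -> set of source addresses allowed to
    talk to that service.  Every dst in the policy is a monitored controller:
    a flow to it from a source not in the set, or to a service that is not
    listed at all, is reported.  Returns sorted unique violations."""
    controllers = {dst for (dst, _, _) in policy}
    seen = set()
    for f in flows:
        if f.dst not in controllers:
            continue
        key = (f.dst, f.proto, f.dport)
        if key not in policy:
            reason = "service not in policy"
        elif f.src not in policy[key]:
            reason = "source not permitted"
        else:
            continue
        seen.add((f.src, f.dst, f.proto, f.dport, reason))
    return sorted(seen)


# Constructed sample data: 10.0.0.10 is a building controller, 10.0.0.2 the
# management server, 10.0.0.50 an ordinary workstation, 203.0.113.5 external.
SAMPLE_FLOWS = (
    [Flow(1000.0 + i, "203.0.113.5", "10.0.0.10", "tcp", 23, 3, 180, "S") for i in range(25)]
    + [
        Flow(1000.0, "10.0.0.2", "10.0.0.10", "tcp", 23, 200, 14000, "SPA"),    # real admin session
        Flow(1001.0, "10.0.0.2", "10.0.0.10", "udp", BACNET_PORT, 40, 3200),    # permitted BACnet
        Flow(1002.0, "10.0.0.50", "10.0.0.10", "udp", BACNET_PORT, 4, 256),     # not permitted
        Flow(1003.0, "10.0.0.50", "10.0.0.10", "tcp", 80, 6, 420, "S"),         # unexpected service
    ]
)

POLICY = {
    ("10.0.0.10", "tcp", 23): {"10.0.0.2"},
    ("10.0.0.10", "udp", BACNET_PORT): {"10.0.0.2"},
}

if __name__ == "__main__":
    print("telnet brute force:", telnet_bruteforce_sources(SAMPLE_FLOWS))
    for v in access_violations(SAMPLE_FLOWS, POLICY):
        print("access violation:", v)
```

The thresholds are the tunable part: `max_packets` separates a rejected login from a real session, and `min_attempts`/`window` set the rate that counts as an attack; both should be calibrated against the baseline traffic of the specific network before alerting on them.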
Copyright information
© 2012 IFIP International Federation for Information Processing
Cite this paper
Čeleda, P., Krejčí, R., Krmíček, V. (2012). Flow-Based Security Issue Detection in Building Automation and Control Networks. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_7
DOI: https://doi.org/10.1007/978-3-642-32808-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32807-7
Online ISBN: 978-3-642-32808-4