Title: Network Traffic Characterization and Intrusion Detection in Building Automation Systems
Committee:
Dr. Beyah, Advisor
Dr. Copeland, Chair
Dr. Shelden
Abstract:
The objective of the proposed research is to study BAS network traffic and use domain knowledge to create building device models for detecting abnormal behavior, faults, and attacks on building automation networks (BANs), and to leverage building automation device documentation and building information modeling (BIM) specifications at level of development (LOD) 350 and above to develop robust network security rules for BAS intrusion detection systems (IDS). This will be achieved in three phases. The first phase performs a detailed characterization of a real-world BAN and applies machine learning (ML) to building sensor data at the field level to deduce normal building behavior for modeling. The second phase systematizes the literature in the BAS security domain to analyze cross-protocol device vulnerabilities, attacks, and defenses, proposes a security evaluation framework for analyzing BAS devices, and investigates the security posture of 15 BAS devices using the proposed methodology. The third phase extracts device details from BAS device documentation and BIM specifications to learn expected device network behaviors and automatically generate IDS rules that enforce them.