A practical approach for applying machine learning in the detection and classification of network devices used in building management. Issue 3 (13th July 2021)
- Record Type:
- Journal Article
- Title:
- A practical approach for applying machine learning in the detection and classification of network devices used in building management. Issue 3 (13th July 2021)
- Main Title:
- A practical approach for applying machine learning in the detection and classification of network devices used in building management
- Authors:
- Touma, Maroun
Witherspoon, Shalisha
Witherspoon, Shonda
Crawford‐Eng, Isabelle
- Abstract:
- With the increasing deployment of smart buildings and infrastructure, supervisory control and data acquisition (SCADA) devices and the underlying IT network have become essential elements for the proper operation of these highly complex systems. Of course, with the increase in automation and the proliferation of SCADA devices, the attack surface of critical infrastructure has increased correspondingly. Understanding device behaviors in terms of known and understood or potentially qualified activities vs unknown and potentially nefarious activities in near‐real time is a key component of any security solution. In this paper, we investigate the challenges with building robust machine learning models to identify unknowns purely from network traffic both inside and outside firewalls, starting with missing or inconsistent labels across sites, feature engineering and learning, temporal dependencies and analysis, and training data quality (including small sample sizes) for both shallow and deep learning methods. To demonstrate these challenges and the capabilities we have developed, we focus on Building Automation and Control networks (BACnet) from a private commercial building system. Our results show that a "Model Zoo" built from binary classifiers based on each device or behavior, combined with an ensemble classifier integrating information from all classifiers, provides a reliable methodology to identify unknown devices as well as to determine specific known devices when the device type is in the training set. The capability of the Model Zoo framework is shown to be directly linked to feature engineering and learning, and the dependency of the feature selection varies depending on both the binary and ensemble classifiers as well.
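The abstract's Model Zoo idea, one binary classifier per device or behavior plus an ensemble that integrates their outputs and reports "unknown" when nothing fits, as an added worked example. This is not the paper's code: the paper does not state which learners or traffic features it used, so the five per-window features, the three device profiles, the BACnet service names, the per-feature Gaussian envelope used as each binary classifier, and the sample window are all constructed for illustration.

```python
"""Model-zoo device identification over BACnet traffic features.

Added illustration, not code from the paper. One binary classifier per
device type ("is this window from a thermostat?") plus an ensemble that
integrates the votes and reports "unknown" when no classifier accepts the
sample. The feature set, device profiles, learner and sample data below
are assumptions made for this example.
"""
import math
from collections import Counter
from dataclasses import dataclass

# Assumed per-window features for one BACnet device on the network.
FEATURES = ("pkt_per_min", "read_frac", "write_frac", "who_is_frac", "mean_apdu_len")

# Constructed device profiles (feature means) and a shared per-feature spread.
PROFILES = {
    "thermostat":     (6.0, 0.70, 0.25, 0.05, 22.0),
    "vav_controller": (20.0, 0.30, 0.65, 0.05, 30.0),
    "bms_server":     (240.0, 0.80, 0.15, 0.05, 48.0),
}
SIGMA = (2.0, 0.05, 0.05, 0.02, 3.0)
JITTER = (-1.5, -1.0, -0.5, 0.0, 0.5, 1.0, 1.5)  # mean 0, population std 1


def window_features(packets, minutes):
    """Reduce one time window of decoded BACnet APDUs to a feature vector.

    `packets` is a list of (service_name, apdu_len) tuples, the shape a
    capture parser would hand over; the service names are assumed.
    """
    n = len(packets)
    if n == 0:
        return [0.0] * len(FEATURES)
    svc = Counter(s for s, _ in packets)
    return [
        n / minutes,
        svc["readProperty"] / n,
        svc["writeProperty"] / n,
        svc["whoIs"] / n,
        sum(length for _, length in packets) / n,
    ]


def synthetic_windows(base, sigma):
    """Seven deterministic training windows around a profile (mean = base,
    population std = sigma on every feature), standing in for labelled data."""
    return [[base[i] + sigma[i] * JITTER[(k + i) % len(JITTER)]
             for i in range(len(base))] for k in range(len(JITTER))]


@dataclass
class BinaryDeviceClassifier:
    """One zoo member: accepts a window if every feature lies within
    z_threshold standard deviations of this device type's training mean.
    Unlike a purely discriminative learner, it rejects traffic that looks
    like nothing seen in training instead of extrapolating a label."""
    label: str
    mean: list
    std: list
    z_threshold: float = 3.0

    @classmethod
    def fit(cls, label, rows, z_threshold=3.0):
        n, d = len(rows), len(rows[0])
        mean = [sum(r[i] for r in rows) / n for i in range(d)]
        std = [max(math.sqrt(sum((r[i] - mean[i]) ** 2 for r in rows) / n), 1e-9)
               for i in range(d)]
        return cls(label, mean, std, z_threshold)

    def max_z(self, x):
        return max(abs(x[i] - self.mean[i]) / self.std[i] for i in range(len(x)))

    def predict(self, x):
        return self.max_z(x) < self.z_threshold

    def score(self, x):
        """Membership confidence in [0, 1]: 1 at the centroid, 0 at rejection."""
        return max(0.0, 1.0 - self.max_z(x) / self.z_threshold)


def build_zoo(profiles=PROFILES, sigma=SIGMA):
    return [BinaryDeviceClassifier.fit(label, synthetic_windows(base, sigma))
            for label, base in profiles.items()]


def classify(zoo, x):
    """Ensemble: collect accepting classifiers; none -> unknown; several ->
    the most confident one. Returns (label, confidence)."""
    votes = [(clf.score(x), clf.label) for clf in zoo if clf.predict(x)]
    if not votes:
        return ("unknown", 0.0)
    conf, label = max(votes)
    return (label, conf)


# Constructed 2-minute window from a thermostat-like device.
SAMPLE_WINDOW = [("readProperty", 22)] * 10 + [("writeProperty", 24)] * 3 + [("whoIs", 12)]

if __name__ == "__main__":
    zoo = build_zoo()
    print(classify(zoo, window_features(SAMPLE_WINDOW, minutes=2.0)))  # thermostat
    print(classify(zoo, [300.0, 0.02, 0.0, 0.95, 18.0]))               # unknown: Who-Is sweep
    print(classify(zoo, [13.0, 0.70, 0.25, 0.05, 22.0]))               # unknown: known type, drifted rate
```

The third query is the case the abstract separates out as "behavior": a device type that is in the training set but whose traffic rate has drifted past the envelope is reported as unknown rather than forced into its nearest label. With a linear one-vs-rest learner in place of the envelope, the same sweep traffic could be assigned a label with high confidence, which is why the reject region of each zoo member deserves as much attention as its accuracy on the known classes.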
- Is Part Of:
- Applied AI Letters. Volume 2:Issue 3(2021)
- Journal:
- Applied AI Letters
- Issue:
- Volume 2:Issue 3(2021)
- Issue Display:
- Volume 2, Issue 3 (2021)
- Year:
- 2021
- Volume:
- 2
- Issue:
- 3
- Issue Sort Value:
- 2021-0002-0003-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2021-07-13
- Subjects:
- BACnet -- binary classifier -- ensemble -- model zoo
- 006.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/ail2.35
- Languages:
- English
- ISSNs:
- 2689-5595
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 18982.xml