Analysis and Cases Study of BEMS Application and Its Classification Indexes

Peng, Li-te

17 January 2007

In the year of 1990, the BEMS concept has been developed into an open web-based structure where internet has been utilized widely. Universally adapted communication protocols, such as BACNet and Lonworks have been applied in engineering practices and created huge opportunity for building energy conservation designs. In this research, the development of the BEMS system has been discussed and analyzed in detail including its hardware infrastructure and software requirements, so that the HVAC , lighting and power subsystems can be integrated while remote control can be achieved. The classification of BEMS system, to be adapted in Taiwan, has been proposed and published by the end of year 2006, which enables real-time online building energy auditing with energy conservation potential assessed. Design examples, such as general hospitals, department stores, hotels, have been selected and analyzed to demonstrate the feasibility in adapting BEMS system in Taiwan with successful results.

Building Optimization

BACnet

BEMS

Automation and control of the MMT thermal system

Gibson, J. D., Porter, Dallan, Goble, William

26 July 2016

This study investigates the software automation and control framework for the MMT thermal system. Thermal-related effects on observing and telescope behavior have been considered during the entire software development process. Regression analysis of telescope and observatory subsystem data is used to characterize and model these thermal-related effects. The regression models help predict expected changes in focus and overall astronomical seeing that result from temperature variations within the telescope structure, within the primary mirror glass, and between the primary mirror glass and adjacent air (i.e., mirror seeing). This discussion is followed by a description of ongoing upgrades to the heating, ventilation and air conditioning (HVAC) system and the associated software controls. The improvements of the MMT thermal system have two objectives: 1) to provide air conditioning capabilities for the MMT facilities, and 2) to modernize and enhance the primary mirror (M1) ventilation system. The HVAC upgrade necessitates changes to the automation and control of the M1 ventilation system. The revised control system must factor in the additional requirements of the HVAC system, while still optimizing performance of the M1 ventilation system and the M1's optical behavior. An industry-standard HVAC communication and networking protocol, BACnet (Building Automation and Control network), has been adopted. Integration of the BACnet protocol into the existing software framework at the MMT is discussed. Performance of the existing automated system is evaluated and a preliminary upgraded automated control system is presented. Finally, user interfaces to the new HVAC system are discussed.

Telescope thermal control systems

MMT Observatory

regression analysis

HVAC

BACnet

On Vulnerabilities of Building Automation Systems

Cash, Michael

01 January 2024

Building automation systems (BAS) have become more commonplace in personal and commercial environments in recent years. They provide many functions for comfort and ease of use, from automating room temperature and shading, to monitoring equipment data and status. Even though their convenience is beneficial, their security has become an increased concerned in recent years. This research shows an extensive study on building automation systems and identifies vulnerabilities in some of the most common building communication protocols, BACnet and KNX. First, we explore the BACnet protocol, exploring its Standard BACnet objects and properties. An automation tool is designed and implemented to identify BACnet devices using their IP addresses and enumerate both standard and vendor-defined BACnet objects as well as their standard properties. This tool is applied to a testbed real-world BAS system on a university campus and successfully validates the tool's effectiveness. We present a false data injection attack on a KNX system using a man-in-the-middle (MITM) attack. A BAS is modeled to analyze the impact of false data injections to a system in terms of energy cost. A machine learning (ML) based detection strategy is designed to detect the false data injection attack using a novel feature based on the Jensen Shannon Divergence (JSD), measuring the similarity of the KNX telegram's interarrival time distributions with attack and with no attack. Real-world experiments are performed to validate the presented false data injection attack and the ML detection strategy. Our results show an increase in overall energy cost during a false data injection attack. Of the examined ML models, the Support Vector Machine (SVM) classifier achieved the best results with 100% detection rate using our proposed JSD similarity feature vector compared to more traditional features. Lastly, we introduce a simplified real-world BAS system, consisting of both BACnet and KNX equipment, and spanning over multiple building environments. We analyze the vulnerabilities of the BAS system at each level and component, introducing several attack scenarios which may occur and affect the system.

Security

Building Automation

BACnet

KNX

Machine Learning

Man-in-the-Middle

Automation

Computer Sciences

Honeypot study of threats targeting critical infrastructure / Honeypot studie av cyberhot riktade mot kritisk infrastruktur

Alberto Scola, Carlo

January 2023

Honeypots are systems with the intent of gathering information about potential threats and, at the same time, shifting part of the attention away from the real targets. In industrial control system environments, honeypots play a significant role and can lead to further threat study while distracting potential attackers away from critical physical systems. Low-interaction honeypots are emulated systems that try to recreate a real environment by simulating applications and protocols. These types of honeypots still need improvements to be efficient, and during this thesis work the focus has been on the Conpot open-source ICS honeypot. Due to their nature, low-interaction honeypots are less appealing to potential attackers than high-interaction honeypots since they do not provide the same level of realism and can be easier discovered. Earlier works showed ways to increase the ability to attract more visitors and an improved setup of Conpot has been evaluated. Its results have been analyzed and compared with the default installation. Several advancements have been implemented as well as custom features and working functionalities, such as a customized industrial system design, improved logging, and a web API proxy. The goal of this work is to answer the investigated hypothesis which consists in finding out if an improved version of the low-interaction honeypot can yield more significant results. By evaluating the network traffic received, the outcome has been insightful and showcased a distinguished improvement over the original version of the honeypot. The ICS protocols displayed a more considerable number of interactions along with an increased amount of attacks. In conclusion, further development for the Conpot honeypot is desirable which would largely improve its performance and practicality in real-world deployments. / Honeypots är ett system med avsikten att samla information om potentiella hot och samtidigt avleda uppmärksamheten från de verkliga målen. I industriella kontrollsystemsmiljöer spelar honungskrukor en viktig roll och kan leda till ytterligare hotstudier samtidigt som potentiella angripare distraheras från viktiga fysiska system. Honeypots med låg interaktion är emulerade system som försöker återskapa verkliga miljöer genom att simulera applikationer och protokoll. Dessa typer av honeypots behöver fortfarande förbättringar för att vara effektiva, och under detta examensarbete har fokus legat på Conpot open source ICS honeypots. På grund av designbegränsningar är honeypots med låg interaktion mindre tilltalande för potentiella angripare än honeypots med hög interaktion. Tidigare arbeten har visat sätt att öka möjligheten att locka fler besökare och en förbättrad installation av Conpot har utvärderats och dess resultat har analyserats och jämförts med standardinstallationen. Flera framsteg har implementerats samt anpassade funktioner och fungerande funktioner, såsom en anpassad industriell systemdesign, förbättrad loggning och en webb-API-proxy. Målet med detta arbete är att svara på den undersökta hypotesen som går ut på att ta reda på om en förbättrad version av honungskrukan med låg interaktion kan ge mer signifikanta resultat. Genom att utvärdera den mottagna nätverkstrafiken har resultatet varit insiktsfullt och visat upp en stor förbättring jämfört med den ursprungliga versionen av honeypot. ICS-protokollen visade ett större antal interaktioner tillsammans med en ökad mängd attacker. Sammanfattningsvis är det önskvärt med en vidareutveckling av Conpot honeypot som avsevärt skulle förbättra dess prestanda och praktiska användning i den verkliga världen.

ICS

Honeypots

Modbus

SCADA

Enip

Conpot

Bacnet

FTP

IPMI

Network security

Cyber attacks

Computer and Information Sciences

Data- och informationsvetenskap