{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T18:38:22Z","timestamp":1771612702655,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030058487","type":"print"},{"value":"9783030058494","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,12,30]],"date-time":"2018-12-30T00:00:00Z","timestamp":1546128000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-05849-4_9","type":"book-chapter","created":{"date-parts":[[2018,12,29]],"date-time":"2018-12-29T18:33:10Z","timestamp":1546108390000},"page":"113-125","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Leveraging Semantics for Actionable Intrusion Detection in Building Automation Systems"],"prefix":"10.1007","author":[{"given":"Davide","family":"Fauri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michail","family":"Kapsalakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel Ricardo","family":"dos Santos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elisa","family":"Costante","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jerry","family":"den Hartog","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sandro","family":"Etalle","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,12,30]]},"reference":[{"key":"9_CR1","unstructured":"ASHRAE: BACnet - a data communication protocol for building automation and control networks. Standard (2016)"},{"key":"9_CR2","unstructured":"Caselli, M., Zambon, E., Amann, J., Sommer, R., Kargl, F.: Specification mining for intrusion detection in networked control systems. In: Proceedings of USENIX Security (2016)"},{"key":"9_CR3","first-page":"27","volume":"32","author":"E Costante","year":"2017","unstructured":"Costante, E., den Hartog, J., Petkovi\u0107, M., Etalle, S., Pechenizkiy, M.: A white-box anomaly-based framework for database leakage detection. JISA 32, 27\u201346 (2017)","journal-title":"JISA"},{"issue":"Suppl. C","key":"9_CR4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.csi.2015.11.005","volume":"45","author":"P Domingues","year":"2016","unstructured":"Domingues, P., Carreira, P., Vieira, R., Kastner, W.: Building automation systems: concepts and technology review. Comput. Stand. Interfaces 45(Suppl. C), 1\u201312 (2016)","journal-title":"Comput. Stand. Interfaces"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Esquivel-Vargas, H., Caselli, M., Peter, A.: Automatic deployment of specification-based intrusion detection in the BACnet protocol. In: Proceedings of CPS-SPC (2017)","DOI":"10.1145\/3140241.3140244"},{"key":"9_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-66402-6_1","volume-title":"Computer Security \u2013 ESORICS 2017","author":"S Etalle","year":"2017","unstructured":"Etalle, S.: From intrusion detection to software design. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017, Part I. LNCS, vol. 10492, pp. 1\u201310. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66402-6_1"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Fauri, D., dos Santos, D., Costante, E., den Hartog, J., Etalle, S., Tonetta, S.: From system specification to anomaly detection (and back). In: CPS-SPC (2017)","DOI":"10.1145\/3140241.3140250"},{"key":"9_CR8","doi-asserted-by":"crossref","DOI":"10.1002\/9781119958352","volume-title":"The Internet of Things: Key Applications and Protocols","author":"O Hersent","year":"2011","unstructured":"Hersent, O., Boswarthick, D., Elloumi, O.: The Internet of Things: Key Applications and Protocols. John Wiley & Sons, Chichester (2011)"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Holmberg, D.: BACnet wide area network security threat assessment. Technical report, NIST (2003)","DOI":"10.6028\/NIST.IR.7009"},{"issue":"11","key":"9_CR10","first-page":"B10","volume":"48","author":"D Holmberg","year":"2006","unstructured":"Holmberg, D.: Using the BACnet firewall router. ASHRAE J. 48(11), B10\u2013B14 (2006)","journal-title":"ASHRAE J."},{"key":"9_CR11","unstructured":"Johnstone, M., Peacock, M., den Hartog, J.: Timing attack detection on BACnet via a machine learning approach. In: Proceedings of AISM (2015)"},{"issue":"6","key":"9_CR12","doi-asserted-by":"crossref","first-page":"1178","DOI":"10.1109\/JPROC.2005.849726","volume":"93","author":"W Kastner","year":"2005","unstructured":"Kastner, W., Neugschwandtner, G., Soucek, S., Newman, H.M.: Communication systems for building automation and control. Proc. IEEE 93(6), 1178\u20131203 (2005)","journal-title":"Proc. IEEE"},{"key":"9_CR13","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-319-18467-8_41","volume-title":"ICT Systems Security and Privacy Protection","author":"J Kaur","year":"2015","unstructured":"Kaur, J., Tonejc, J., Wendzel, S., Meier, M.: Securing BACnet\u2019s pitfalls. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 616\u2013629. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18467-8_41"},{"key":"9_CR14","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/978-3-319-33630-5_25","volume-title":"ICT Systems Security and Privacy Protection","author":"F M\u00f6llers","year":"2016","unstructured":"M\u00f6llers, F., Sorge, C.: Deducing user presence from inter-message intervals in home automation systems. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IAICT, vol. 471, pp. 369\u2013383. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33630-5_25"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Mundt, T., Wickboldt, P.: Security in building automation systems - a first analysis. In: Proceedings of Cyber Security (2016)","DOI":"10.1109\/CyberSecPODS.2016.7502336"},{"key":"9_CR16","first-page":"B8","volume":"52","author":"H Newman","year":"2010","unstructured":"Newman, H.: Broadcasting BACnet\u00ae. ASHRAE J. 52, B8\u2013B12 (2010)","journal-title":"ASHRAE J."},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Pan, Z., Hariri, S., Al-Nashif, Y.: Anomaly based intrusion detection for building automation and control networks. In: Proceedings of AICCSA (2014)","DOI":"10.1109\/AICCSA.2014.7073181"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Pang, R., Paxson, V., Sommer, R., Peterson, L.: Binpac: a yacc for writing application protocol parsers. In: Proceedings of IMC (2006)","DOI":"10.1145\/1177080.1177119"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: Proceedings of IEEE S&P (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"9_CR20","unstructured":"Szl\u00f3sarczyk, S., Wendzel, S., Kaur, J., Schubert, F.: Towards suppressing attacks on and improving resilience of building automation systems - an approach exemplified using BACnet. In: GI Sicherheit (2014)"},{"issue":"9","key":"9_CR21","first-page":"1203","volume":"22","author":"J Tonejc","year":"2016","unstructured":"Tonejc, J., Guttes, S., Kobekova, A., Kaur, J.: Machine learning methods for anomaly detection in BACnet networks. JUCS 22(9), 1203\u20131224 (2016)","journal-title":"JUCS"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Urbina, D., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of ACM SIGSAC CCS (2016)","DOI":"10.1145\/2976749.2978388"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Wendzel, S., Tonejc, J., Kaur, J., Kobekova, A.: Cyber security of smart buildings (2017)","DOI":"10.1002\/9781119226079.ch16"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Zheng, Z., Reddy, A.: Safeguarding building automation networks: THE-driven anomaly detector based on traffic analysis. In: Proceedings of ICCCN (2017)","DOI":"10.1109\/ICCCN.2017.8038393"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-05849-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T02:59:34Z","timestamp":1573613974000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-05849-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,30]]},"ISBN":["9783030058487","9783030058494"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-05849-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,30]]},"assertion":[{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kaunas","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lithuania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.lei.lt\/critis2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"51","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"31% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"4.6","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3.3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}