{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T18:38:23Z","timestamp":1771612703647,"version":"3.50.1"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030220372","type":"print"},{"value":"9783030220389","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22038-9_22","type":"book-chapter","created":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:02:31Z","timestamp":1560106951000},"page":"461-481","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks"],"prefix":"10.1007","author":[{"given":"Davide","family":"Fauri","sequence":"first","affiliation":[]},{"given":"Michail","family":"Kapsalakis","sequence":"additional","affiliation":[]},{"given":"Daniel Ricardo","family":"dos Santos","sequence":"additional","affiliation":[]},{"given":"Elisa","family":"Costante","sequence":"additional","affiliation":[]},{"given":"Jerry","family":"den Hartog","sequence":"additional","affiliation":[]},{"given":"Sandro","family":"Etalle","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,6]]},"reference":[{"key":"22_CR1","unstructured":"ASHRAE: BACnet - a data communication protocol for building automation and control networks. Standard (2016)"},{"issue":"1","key":"22_CR2","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/2945.468391","volume":"1","author":"R Becker","year":"1995","unstructured":"Becker, R., Eick, S., Wilks, A.: Visualizing network data. IEEE Trans. Visual Comput. Graphics 1(1), 16\u201328 (1995)","journal-title":"IEEE Trans. Visual Comput. Graphics"},{"key":"22_CR3","unstructured":"Brandstetter, T., Reisinger, K.: (in)security in Building Automation How to Create Dark Buildings with Light Speed. Blackhat (2017)"},{"key":"22_CR4","unstructured":"Caselli, M., Zambon, E., Amann, J., Sommer, R., Kargl, F.: Specification mining for intrusion detection in networked control systems. In: 25th USENIX Security Symposium, pp. 791\u2013806 (2016)"},{"key":"22_CR5","first-page":"27","volume":"32","author":"E Costante","year":"2017","unstructured":"Costante, E., den Hartog, J., Petkovi\u0107, M., Etalle, S., Pechenizkiy, M.: A white-box anomaly-based framework for database leakage detection. J. Inf. Secur. Appl. 32, 27\u201346 (2017)","journal-title":"J. Inf. Secur. Appl."},{"key":"22_CR6","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.csi.2015.11.005","volume":"45","author":"P Domingues","year":"2016","unstructured":"Domingues, P., Carreira, P., Vieira, R., Kastner, W.: Building automation systems: concepts and technology review. Comput. Stand. Interfaces 45, 1\u201312 (2016)","journal-title":"Comput. Stand. Interfaces"},{"key":"22_CR7","doi-asserted-by":"crossref","unstructured":"Esquivel-Vargas, H., Caselli, M., Peter, A.: Automatic deployment of specification-based intrusion detection in the BACnet protocol. In: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 25\u201336 (2017)","DOI":"10.1145\/3140241.3140244"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Fauri, D., Kapsalakis, M., dos Santos, D., Costante, E., den Hartog, J., Etalle, S.: Leveraging semantics for actionable intrusion detection in building automation systems. In: Critical Information Infrastructures Security, pp. 113\u2013125 (2019)","DOI":"10.1007\/978-3-030-05849-4_9"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Fauri, D., dos Santos, D., Costante, E., den Hartog, J., Etalle, S., Tonetta, S.: From system specification to anomaly detection (and back). In: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 13\u201324 (2017)","DOI":"10.1145\/3140241.3140250"},{"key":"22_CR10","doi-asserted-by":"crossref","unstructured":"Holmberg, D.: BACnet wide area network security threat assessment. Technical report, NIST (2003)","DOI":"10.6028\/NIST.IR.7009"},{"key":"22_CR11","unstructured":"Johnstone, M., Peacock, M., den Hartog, J.: Timing attack detection on BACnet via a machine learning approach. In: Proceedings of the 13th Australian Information Security Management Conference, pp. 57\u201364 (2015)"},{"issue":"6","key":"22_CR12","doi-asserted-by":"publisher","first-page":"1178","DOI":"10.1109\/JPROC.2005.849726","volume":"93","author":"W Kastner","year":"2005","unstructured":"Kastner, W., Neugschwandtner, G., Soucek, S., Newman, H.M.: Communication systems for building automation and control. Proc. IEEE 93(6), 1178\u20131203 (2005)","journal-title":"Proc. IEEE"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Mundt, T., Wickboldt, P.: Security in building automation systems - a first analysis. In: International Conference On Cyber Security And Protection Of Digital Services, pp. 1\u20138 (2016)","DOI":"10.1109\/CyberSecPODS.2016.7502336"},{"key":"22_CR14","doi-asserted-by":"crossref","unstructured":"Pan, Z., Hariri, S., Al-Nashif, Y.: Anomaly based intrusion detection for building automation and control networks. In: IEEE\/ACS 11th International Conference on Computer Systems and Applications, pp. 72\u201377 (2014)","DOI":"10.1109\/AICCSA.2014.7073181"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: On using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 305\u2013316 (2010)","DOI":"10.1109\/SP.2010.25"},{"issue":"9","key":"22_CR16","first-page":"1203","volume":"22","author":"J Tonejc","year":"2016","unstructured":"Tonejc, J., Guttes, S., Kobekova, A., Kaur, J.: Machine learning methods for anomaly detection in BACnet networks. J. Univ. Comput. Sci. 22(9), 1203\u20131224 (2016)","journal-title":"J. Univ. Comput. Sci."},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Urbina, D., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1092\u20131105 (2016)","DOI":"10.1145\/2976749.2978388"},{"key":"22_CR18","unstructured":"Webster, S., Lippmann, R., Zissman, M.: Experience using active and passive mapping for network situational awareness. In: 5th IEEE International Symposium on Network Computing and Applications, pp. 19\u201326 (2006)"},{"key":"22_CR19","first-page":"327","volume-title":"Cyber Security of Smart Buildings","author":"S Wendzel","year":"2017","unstructured":"Wendzel, S., Tonejc, J., Kaur, J., Kobekova, A.: Cyber Security of Smart Buildings, pp. 327\u2013351. Wiley, Hoboken (2017). Chapter 16"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"Y\u00fcksel, O., den Hartog, J., Etalle, S.: Reading between the fields: practical, effective intrusion detection for industrial control systems. In: Proceedings of the 31st Annual ACM Symposium on Applied Computing, pp. 2063\u20132070 (2016)","DOI":"10.1145\/2851613.2851799"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1007\/978-3-319-49806-5_30","volume-title":"Information Systems Security","author":"\u00d6 Y\u00fcksel","year":"2016","unstructured":"Y\u00fcksel, \u00d6., den Hartog, J., Etalle, S.: Towards useful anomaly detection for back office networks. In: Ray, I., Gaur, M.S., Conti, M., Sanghi, D., Kamakoti, V. (eds.) ICISS 2016. LNCS, vol. 10063, pp. 509\u2013520. Springer, Cham (2016). \n                      https:\/\/doi.org\/10.1007\/978-3-319-49806-5_30"},{"key":"22_CR22","doi-asserted-by":"crossref","unstructured":"Zheng, Z., Reddy, A.: Safeguarding building automation networks: THE-driven anomaly detector based on traffic analysis. In: 26th International Conference on Computer Communication and Networks, pp. 1\u201311 (2017)","DOI":"10.1109\/ICCCN.2017.8038393"},{"issue":"9","key":"22_CR23","first-page":"100","volume":"58","author":"S Ziegenfus","year":"2016","unstructured":"Ziegenfus, S.: BACnet\u00ae is in a \u201cfamily way\u201d. ASHRAE J. 58(9), 100\u2013102 (2016)","journal-title":"ASHRAE J."}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22038-9_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:11:52Z","timestamp":1560107512000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-22038-9_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030220372","9783030220389"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22038-9_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gothenburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.dimva2019.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"dimca2019.hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}