Conference Paper

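What Does the IT Security Act Mean for Smart Buildings? Concepts for the Secure Aging of Building IT (original title: Was bedeutet das IT-Sicherheitsgesetz für Smart Buildings? Konzepte des sicheren Alterns der Gebäude-IT)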


Since the new federal IT Security Act (IT-Sicherheitsgesetz) came into force, there is a current legal obligation, above all for operators of so-called "critical infrastructures", to implement appropriate IT security measures within two years. Critical infrastructures also include numerous automated buildings, which frequently have IT security vulnerabilities. In this paper we present our concept of secure aging. It is based on applying machine learning methods to anomaly detection in BACnet network traffic. Decision rules for filtering data packets are derived from the results. This creates a self-learning system that is able to respond appropriately even to previously unknown attacks. Our focus is on evaluating the effectiveness of different machine learning methods. In particular, we show which methods are best suited for detecting already known anomalies and for discovering new attacks.

More than twelve years have elapsed since the first public release of WEKA. In that time, the software has been rewritten entirely from scratch, evolved substantially and now accompanies a text on data mining [35]. These days, WEKA enjoys widespread acceptance in both academia and business, has an active community, and has been downloaded more than 1.4 million times since being placed on SourceForge in April 2000. This paper provides an introduction to the WEKA workbench, reviews the history of the project, and, in light of the recent 3.6 stable release, briefly discusses what has been added since the last stable version (Weka 3.4) released in 2003.
Scikit-learn is a Python module integrating a wide range of state-of-the-art machine learning algorithms for medium-scale supervised and unsupervised problems. This package focuses on bringing machine learning to non-specialists using a general-purpose high-level language. Emphasis is put on ease of use, performance, documentation, and API consistency. It has minimal dependencies and is distributed under the simplified BSD license, encouraging its use in both academic and commercial settings. Source code, binaries, and documentation can be downloaded from
Massive Online Analysis (MOA) is a software environment for implementing algorithms and running experiments for online learning from evolving data streams. MOA includes a collection of offline and online methods as well as tools for evaluation. In particular, it implements boosting, bagging, and Hoeffding Trees, all with and without Naïve Bayes classifiers at the leaves. MOA supports bi-directional interaction with WEKA, the Waikato Environment for Knowledge Analysis, and is released under the GNU GPL license.
In recent years, the volume and the complexity of data in Building Automation System networks have increased exponentially. As a result, a manual analysis of network traffic data has become nearly impossible. Even automated but supervised methods are problematic in practice since the large amount of data makes manual labeling, required to train the algorithms to differentiate between normal traffic and anomalies, impractical. This paper introduces a framework which allows the characterization of BACnet network traffic data by means of unsupervised machine learning techniques. Specifically, we use clustering, random forests, one-class support vector machines and support vector classifier, after a pre-processing step that includes principal components analysis for dimensionality reduction. We compare the effectiveness of the methods in detecting anomalies by performing experiments on BACnet network traffic data from various sources. We describe which of these unsupervised methods work best in specific scenarios since each method has its distinct advantages and disadvantages. In particular, we discuss which method is best suited to detect new types of anomalies (novelty detection), or which method most reliably and efficiently finds new attacks of a type that has been captured in the data previously.
In recent years, known vulnerabilities such as in the Tridium Niagara AX Framework, Siemens’ energy automation device, or Vaillant heating systems put a spotlight on the security of smart buildings. What is needed to increase the security of smart buildings and what research aspects did we forget to cover in recent years?