Emulation and detection of physical faults and cyber-attacks on building energy systems through real-time hardware-in-the-loop experiments
• A flexible HIL framework to emulate faults and attacks in building energy systems.
• Energy performance, controller dynamics and network traffic are real-time monitored.
• A joint classification framework to differentiate physical faults and cyber-attacks.
• Real-time HIL experiments conducted to validat...
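Published in: | Energy and buildings 2024-10, Vol.320, p.114596, Article 114596 |
---|---|
Main authors: | Li, Guowen; Ren, Lingyu; Pradhan, Ojas; O’Neill, Zheng; Wen, Jin; Yang, Zhiyao; Fu, Yangyang; Chu, Mengyuan; Huang, Jiajing; Wu, Teresa; Candan, K. Selcuk; Adetola, Veronica; Zhu, Qi |
Format: | Article |
Language: | eng |
Subjects: | Building energy management system; Cyber-attacks; Hardware-in-the-loop; Physical faults; smart building; Smart buildings |
Online access: | Full text |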
container_end_page | |
---|---|
container_issue | |
container_start_page | 114596 |
container_title | Energy and buildings |
container_volume | 320 |
creator | Li, Guowen; Ren, Lingyu; Pradhan, Ojas; O’Neill, Zheng; Wen, Jin; Yang, Zhiyao; Fu, Yangyang; Chu, Mengyuan; Huang, Jiajing; Wu, Teresa; Candan, K. Selcuk; Adetola, Veronica; Zhu, Qi |
description | • A flexible HIL framework to emulate faults and attacks in building energy systems. • Energy performance, controller dynamics and network traffic are real-time monitored. • A joint classification framework to differentiate physical faults and cyber-attacks. • Real-time HIL experiments conducted to validate the threat detection algorithms.
The increasing use of remote or mobile access, integrated wearable technologies, data exchange, and cloud-based data analytics in modern smart buildings is steering the building industry towards open communication technologies. The increased connectivity and accessibility could lead to more cyber-attacks in smart buildings. On the other hand, physical faults (e.g., HVAC − heating, ventilation, and air-conditioning faults) may have similar adverse impacts as those from the cyber-attacks on building energy systems, such as occupant discomfort, energy wastage, and equipment downtime. However, current physical behavior-based anomaly detection methods fail to differentiate between cyber-attacks and physical faults in building energy systems. Moreover, the challenge in collecting real-world threat data with ground truth has led researchers to rely on numerical models with user-defined assumptions, which may not accurately reflect real-world conditions due to the lack of in-situ experimental datasets. To address these challenges and gaps, this paper presents a flexible hardware-in-the-loop (HIL) testbed for generating cyber-attack and physical fault datasets and demonstrating threat detection algorithms in a real building automation system (BAS) environment. This testbed combines hardware (i.e., real BAS with local HVAC controllers and a physical network) with software (i.e., high-fidelity models to represent behaviors of building envelope and HVAC energy systems), enabling emulations of realistic threats. Five HIL experiments, including one baseline without any threats, two with physical faults, and two with cyber-attacks, were conducted to generate datasets containing detailed network traffic and system states. A joint classification framework, incorporating a network analyzer and a physical HVAC fault detector, was proposed to automatically detect cyber-physical abnormalities on BAS at both the network and the physical HVAC levels.
The network analyzer comprises a conditional random fields (CRF) based command validator and a statistics-based detection strategy. The fault detector employs a weather and schedule-based pattern matching and feature-based principal component analysis (WPM-FPCA) method. Evaluation of the classification using four metrics from the multi-class confusion matrix revealed an average accuracy of 90.2 %, recall of 89.7 %, precision of 88.5 % and F1-score of 89.2 %. These results demonstrate that the proposed joint classification framework can effectively differentiate between specific types of cyber-attacks (e.g., device reinitialization attack, network Denial-of-Service attack) and physical faults (e.g., air handling unit operational fault, cooling coil valve stuck) in real time for improved building energy management. |
doi_str_mv | 10.1016/j.enbuild.2024.114596 |
format | Article |
fullrecord | sourcetype: Open Access Repository; publisher: United States: Elsevier B.V; rights: 2024 Elsevier B.V.; creatorcontrib: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); toplevel: peer_reviewed, online_resources; collection: CrossRef, OSTI.GOV; date: 2024-10-01; linktohtml: https://www.sciencedirect.com/science/article/pii/S0378778824007126; backlink: https://www.osti.gov/biblio/2458230 (View this record in Osti.gov) |
fulltext | fulltext |
identifier | ISSN: 0378-7788 |
ispartof | Energy and buildings, 2024-10, Vol.320, p.114596, Article 114596 |
issn | 0378-7788 |
language | eng |
recordid | cdi_osti_scitechconnect_2458230 |
source | Elsevier ScienceDirect Journals |
subjects | Building energy management system; Cyber-attacks; Hardware-in-the-loop; Physical faults; smart building; Smart buildings |
title | Emulation and detection of physical faults and cyber-attacks on building energy systems through real-time hardware-in-the-loop experiments |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T09%3A56%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-elsevier_osti_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Emulation%20and%20detection%20of%20physical%20faults%20and%20cyber-attacks%20on%20building%20energy%20systems%20through%20real-time%20hardware-in-the-loop%20experiments&rft.jtitle=Energy%20and%20buildings&rft.au=Li,%20Guowen&rft.aucorp=Pacific%20Northwest%20National%20Laboratory%20(PNNL),%20Richland,%20WA%20(United%20States)&rft.date=2024-10-01&rft.volume=320&rft.spage=114596&rft.pages=114596-&rft.artnum=114596&rft.issn=0378-7788&rft_id=info:doi/10.1016/j.enbuild.2024.114596&rft_dat=%3Celsevier_osti_%3ES0378778824007126%3C/elsevier_osti_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_els_id=S0378778824007126&rfr_iscdi=true |