traffic measurement and analysis of building automation
play

Traffic Measurement and Analysis of Building Automation and Control - PowerPoint PPT Presentation

Mar 04, 2023 •357 likes •723 views

Traffic Measurement and Analysis of Building Automation and Control Networks Radek Krej, Pavel eleda, Jakub Dobrovoln rkrejci@cesnet.cz, {celeda|dobrovolny}@ics.muni.cz AIMS 2012 - 6th International Conference on Autonomous

  1. Traffic Measurement and Analysis of Building Automation and Control Networks Radek Krejčí, Pavel Čeleda, Jakub Dobrovolný rkrejci@cesnet.cz, {celeda|dobrovolny}@ics.muni.cz AIMS 2012 - 6th International Conference on Autonomous Infrastructure, Management and Security, 4-8 June 2012, Luxembourg

  2. Part I Building Automation and Control Network Monitoring R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 2 / 22

  3. FROM 172.16.96.48:15094 TO 172.16.96.48:15094 SRC and DST port Protocol number Lifetime Number of packets Sum of bytes TCP flags Others HTTP Request SRC and DST IP addr TO 209.85.135.147:80 HTTP Response FROM 209.85.135.147:80 IP Flow Monitoring Flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Packets Bytes 09:41:21.763 0.101 TCP 172.16.96.48:15094 -> 209.85.135.147:80 .AP.SF 4 715 09:41:21.893 0.031 TCP 209.85.135.147:80 -> 172.16.96.48:15094 .AP.SF 4 1594 R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 3 / 22

  4. What About Special Networks? Building Management System (BMS) networks Supervisory Control And Data Acquisition (SCADA) networks IP WAN Ethernet RS-485 OPERATIONAL CENTER APLICATION SERVERS LAN MANAGEMENT DIGITAL VIDEO LIFE SAFETY SECURITY BUILDING ENERGY (HVAC) R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 4 / 22

  5. Network Monitoring in Special Environment Active Monitoring – SNMP polling, ICMP ping Nagios Zabbix R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 5 / 22

  6. Network Monitoring in Special Environment Active Monitoring – SNMP polling, ICMP ping Nagios Zabbix Deep Packet Inspection Specialized Firewalls (BACnet Firewall Router) Intrusion Detection/Prevention Systems R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 5 / 22

  7. Network Monitoring in Special Environment Active Monitoring – SNMP polling, ICMP ping Nagios Zabbix Deep Packet Inspection Specialized Firewalls (BACnet Firewall Router) Intrusion Detection/Prevention Systems Flow Monitoring Barbosa et al. (University of Twente) Using standard NetFlow – limited to IP only. R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 5 / 22

  8. BMS Network Environment BACnet Protocol Communication protocol for BMS networks. ASHRAE standard 135 – U.S. standard, adapted by ISO, EU. Various protocols used at transport layer: LonTalk, MS/TP, Ethernet, Ethernet/IP, ZigBee, . . . Contains key information about BMS network traffic. R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 6 / 22

  9. BMS Network Environment BACnet Protocol Communication protocol for BMS networks. ASHRAE standard 135 – U.S. standard, adapted by ISO, EU. Various protocols used at transport layer: LonTalk, MS/TP, Ethernet, Ethernet/IP, ZigBee, . . . Contains key information about BMS network traffic. Need of modification of IP flow for the BACnet environment BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 6 / 22

  10. Part II BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 7 / 22

  11. NetFlow VLAN IP TCP/UDP ETH IP TCP/UDP ETH Other NetFlow vs. BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 8 / 22

  12. NetFlow VLAN IP TCP/UDP ETH IP TCP/UDP ETH Other BACnetFlow ETH BACnet/ARP/ISMP/LLDP/Slow protocols/... BACnet NetFlow vs. BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 8 / 22

  13. Flow record key fields DNET DADR SNET SADR BACnet network layer key fields BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 9 / 22

  14. layer key fields key fields key fields DNET DADR SNET SADR BACnet network Flow record DST MAC ADR SRC MAC ADR VLAN ID Ethernet-related BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 9 / 22

  15. VLAN ID SRC MAC ADR SRC PORT SRC IPv4 ADR DST PORT DST IPv4 ADR key fields Ethernet-related Flow record DST MAC ADR key fields layer key fields BACnet network SADR SNET DADR DNET key fields BACnet over IP BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 9 / 22

  16. SRC IPv4 ADR DST PORT Byte Count Timestamps Ethertype Message Type Hop Count Control non-key fields Flow record key fields BACnet over IP SRC PORT Flow record DST IPv4 ADR ... key fields Ethernet-related VLAN ID SRC MAC ADR DST MAC ADR layer key fields BACnet network SADR SNET DADR DNET key fields Packet Count BACnetFlow R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 9 / 22

  17. SRC PORT DST PORT Byte Count Timestamps Ethertype Message Type Hop Count Control non-key fields Flow record key fields BACnet over IP Flow record SRC IPv4 ADR DST IPv4 ADR ... key fields Ethernet-related VLAN ID SRC MAC ADR DST MAC ADR layer key fields BACnet network SADR SNET DADR DNET key fields Packet Count BACnetFlow Need of flexible flow information protocol (IPFIX). R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 9 / 22

  18. BACnetFlow probe FlowMon Engine filter BACnet input plugin NetFlow exporter BACnet exporter BACnetFlow Monitoring System Architecture BACnetFlow Probe based on FlowMon exporter engine with BACnet plugins. R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 10 / 22

  19. over Ethernet exporter IP network IP network BACnet over network BACnetFlow probe BACnet BACnet port exporter NetFlow plugin input BACnet filter FlowMon Engine mirror BACnetFlow Monitoring System Architecture BACnet Network is an Ethernet network at rate of 10-1000 Mbps. BACnetFlow Probe based on FlowMon exporter engine with BACnet plugins. R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 10 / 22

  20. IP network network (NFDUMP) collector BACnetFlow (SQL database) port mirror IP network BACnetFlow probe BACnet over over Ethernet collector BACnet exporter BACnet exporter NetFlow plugin input BACnet filter FlowMon Engine NetFlow BACnetFlow Monitoring System Architecture BACnet Network is an Ethernet network at rate of 10-1000 Mbps. BACnetFlow Probe based on FlowMon exporter engine with BACnet plugins. BACnetFlow Collectors stores flow information for further analysis. R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 10 / 22

  21. Part III Measurement and Analysis R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 11 / 22

  22. Monitored Network Masaryk University Campus more than 24 teaching pavilions BACnet over Ethernet and BACnet over IP BMS networks monitoring of the 1 Gbps mirror port of the core switch week long measurement (Jan 16, 2012 – Jan 23, 2012) R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 12 / 22

  23. Overall Traffic Statistics Protocol Bytes Packets Flows bps pps TCP 3.6 T 3.6 G 533628 47.4 M 6013 BACnet/IP 7.2 G 79.5 M 5.3 M 95.2 K 131.4 BACnet/Eth 5.4 G 59.8 M 6.2 M 71.4 K 98.9 UDP 814.0 M 6.6 M 2.5 M 10757 10 ICMP 722.4 M 7.0 M 1.1 M 9550 11 ARP 680 M 10.5 M 1.8 M 8995 17.4 Other 63.7 M 0.6 M 0.6 M 105 1 OSPF 25.6 M 191079 1990 338 0 PIM 4.6 M 61131 6435 60 0 IGMP 2.0 M 31509 14012 26 0 ICMP6 1.7 M 18362 1261 22 0 Total 3.7 T 3.8 G 4.3 M 47.6 M 6282 R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 13 / 22

  24. Overall Traffic Statistics Protocol Bytes Packets Flows bps pps TCP 3.6 T 3.6 G 533628 47.4 M 6013 BACnet/IP 7.2 G 79.5 M 5.3 M 95.2 K 131.4 BACnet/Eth 5.4 G 59.8 M 6.2 M 71.4 K 98.9 UDP 814.0 M 6.6 M 2.5 M 10757 10 ICMP 722.4 M 7.0 M 1.1 M 9550 11 ARP 680 M 10.5 M 1.8 M 8995 17.4 Other 63.7 M 0.6 M 0.6 M 105 1 OSPF 25.6 M 191079 1990 338 0 PIM 4.6 M 61131 6435 60 0 IGMP 2.0 M 31509 14012 26 0 ICMP6 1.7 M 18362 1261 22 0 Total 3.7 T 3.8 G 4.3 M 47.6 M 6282 R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 13 / 22

  25. Overall Traffic Statistics Protocol Bytes Packets Flows bps pps TCP 3.6 T 3.6 G 533628 47.4 M 6013 BACnet/IP 7.2 G 79.5 M 5.3 M 95.2 K 131.4 BACnet/Eth 5.4 G 59.8 M 6.2 M 71.4 K 98.9 UDP 814.0 M 6.6 M 2.5 M 10757 10 ICMP 722.4 M 7.0 M 1.1 M 9550 11 ARP 680 M 10.5 M 1.8 M 8995 17.4 Other 63.7 M 0.6 M 0.6 M 105 1 OSPF 25.6 M 191079 1990 338 0 PIM 4.6 M 61131 6435 60 0 IGMP 2.0 M 31509 14012 26 0 ICMP6 1.7 M 18362 1261 22 0 Total 3.7 T 3.8 G 4.3 M 47.6 M 6282 R. Krejčí et al. Traffic Measurement and Analysis of Building Automation and Control Networks 13 / 22

Recommend

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic measurement and analysis in WIDE measurement activities across research groups broad perspectives - tracking long-term trends - analysis (with wide

415 views • 12 slides
Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

575 views • 25 slides
Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu

Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu

Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu Kim, Hyeongu Son, Taeck-keun Kwon, DK Lee*, S. Moon* and Youngseok Lee, Chungnam National University *KAIST D Daejon, Korea j K 1 Contents

1.2k views • 28 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet? Active measurement vs. passive

771 views • 31 slides
Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet? q Active measurement vs. passive

654 views • 31 slides
Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao

Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao

Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao and Ljiljana Trajkovic { qshao, ljilja} @cs.sfu.ca Communication Networks Laboratory http://www.ensc.sfu.ca/cnl School of Engineering Science

533 views • 29 slides
Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

1 Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless traffic

720 views • 43 slides
Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

440 views • 20 slides
Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and

Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and

Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and standards 9.6 Analyse de scurit et normes Sicherheitsanalyse und Normen Prof Dr. Hubert Kirrmann & Dr. B. Eschermann ABB Research Center,

799 views • 31 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis & Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Measurement Techniques Part 2: Measurement Techniques Terminology and general issues

Measurement Techniques Part 2: Measurement Techniques Terminology and general issues

Part 2 Measurement Techniques Part 2: Measurement Techniques Terminology and general issues Active performance measurement SNMP and RMON Packet monitoring Flow measurement Traffic analysis Terminology and General I

758 views • 64 slides
Building Controls and Automation Being Prepared for Complex Building Systems May 1, 2019

Building Controls and Automation Being Prepared for Complex Building Systems May 1, 2019

Massachusetts School Building Authority Deborah B. Goldberg, State Treasurer and Receiver-General Chairperson James MacDonald John K. McCarthy Chief Executive Officer Executive Director Building Controls and Automation Being Prepared for

539 views • 28 slides
NETxAutomation building management sof t ware AUTOMATION NETxAutomation Software GmbH Austrian

NETxAutomation building management sof t ware AUTOMATION NETxAutomation Software GmbH Austrian

AUTOMATION NETxAutomation building management sof t ware AUTOMATION NETxAutomation Software GmbH Austrian company that is operating world-wide Founded in 2001 Software solutions for building automation systems Integration of

1.05k views • 81 slides
Simulation, Measurement and Analysis of Photoemission Simulation, Measurement and Analysis of

Simulation, Measurement and Analysis of Photoemission Simulation, Measurement and Analysis of

Thomas Jefferson National Accelerator Facility (Jefferson Lab) Newport News, Virginia Simulation, Measurement and Analysis of Photoemission Simulation, Measurement and Analysis of Photoemission from Dispenser Cathodes, Metals and Coated

706 views • 42 slides
1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

Industrial Automation Spring 2019, EPFL 1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures aiming at replacing human work through machines (e.g. automation is applied science) 2) the

1.39k views • 63 slides
Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

1 Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless

805 views • 43 slides
Modelling and Analysis of Traffic Networks Based on Graph Transformation Juan de Lara E.T.S. de

Modelling and Analysis of Traffic Networks Based on Graph Transformation Juan de Lara E.T.S. de

Formal Methods for Automation and Safety in Railway and Automotive Systems (FORMS/FORMAT) Braunschweig, Germany. December 2-3, 2004 Modelling and Analysis of Traffic Networks Based on Graph Transformation Juan de Lara E.T.S. de Inform

754 views • 41 slides
On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and

On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and

On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and Communications Technology (NICT) ICT Testbed Research, Development and Operation Lab P2P-TV Measurement Experiments and Traffic Analysis

631 views • 19 slides
Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof.

Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof.

Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof. Markos Papageorgiou Dynamic Systems and Simulation Laboratory, Technical University of Crete, Chania, Greece 1. WHY TRAFFIC MANAGEMENT (TM)?

770 views • 41 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic

From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic

From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic Workload Generation Felix Hernandez- -Campos Campos Felix Hernandez Ph. D. Candidate Ph. D. Candidate Dept. of Computer Science Dept. of

435 views • 16 slides
WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN

WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN

CPSC 641: WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN Traffic Measurements There have been several studies of wide area network traffic (i.e., Internet traffic) We will look briefly at two

655 views • 13 slides

More recommend