On False Data Injection Attack Against Building Automation Systems

KNX is one popular communication protocol for a building automation system (BAS). However, its lack of security makes it subject to a variety of attacks. We are the first to study the false data injection attack against a KNX based BAS. We design a man-in-the-middle (MITM) attack to change the data from a temperature sensor and inject false data into the BAS. We model a BAS and analyze the impact of the false data injection attack on the system in terms of energy cost. Since the MITM attack may disturb the KNX traffic, we design a machine learning (ML) based detection strategy to detect the false data injection attack using a novel feature based on the Jensen Shannon Divergence (JSD), which measures the similarity of KNX telegram inter-arrival time distributions with attack and with no attack. We perform real-world experiments and validate the presented false data injection attack and the ML based detection strategy. We also simulate a BAS, and show that the false data injection attack has a huge impact on the BAS in terms of power consumption. Our results show an increase in overall energy cost during a false data injection attack. Other the examined ML models, the Support Vector Machine (SVM) classifier achieved the best results with a 100% detection rate with our proposed similarity features compared to mean and variance related features.