
THE-driven Classification Model

Introduction

The THE classification for BACnet traffic data was proposed in the paper "Safeguarding Building Automation Networks: THE-Driven Anomaly Detector Based on Traffic Analysis" by Dr. Zheng and Dr. Reddy. The method splits all network data into three categories:

Time-driven: requests normally generated by scheduled control programs that trigger service requests according to different timers. Such traffic presents time regularity and is not affected by real-time events on the network.

Human-driven: requests that are generated by humans, either directly or through control programs.

Event-driven: service requests that are not generated by timers or humans. They depend on a broad range of events such as Change-of-Value (COV) on objects, system status changes (normal/offnormal/fault), device failures, receiving alarms and other service messages.

Referenced from Z. Zheng and A. Reddy, "Safeguarding Building Automation Networks: THE-Driven Anomaly Detector Based on Traffic Analysis", ICCCN, July 2017.

Model Implementation

As part of understanding BACnet traffic, the THE classification helped us decide on two different strategies for our machine learning model. Time-driven requests were therefore treated separately from human-driven and event-driven requests. This is an obvious step in hindsight, as frequency-based detection and finding other patterns in the message traffic work a little differently from each other in our algorithm.
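The split described above can be sketched as follows. This is an added example, not the paper's or this project's algorithm: it separates time-driven flows by the regularity of their inter-arrival gaps and then applies a frequency check to them. The flow key (source, service), the thresholds, the function names and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed sample records: (timestamp_seconds, source_device, BACnet service)
SAMPLE = (
    [(60.0 * i + 0.2 * (i % 3), "dev-10", "readProperty") for i in range(10)]
    + [(t, "ws-1", "writeProperty") for t in (12.0, 47.5, 300.1, 311.9, 580.0)]
    + [(t, "dev-22", "confirmedCOVNotification")
       for t in (5.0, 9.0, 140.0, 410.0, 415.0, 590.0)]
)

def group_flows(records):
    """Group timestamps by (source, service), sorted in time order."""
    flows = defaultdict(list)
    for ts, src, service in records:
        flows[(src, service)].append(ts)
    return {key: sorted(times) for key, times in flows.items()}

def gaps(times):
    """Inter-arrival gaps between consecutive messages of one flow."""
    return [b - a for a, b in zip(times, times[1:])]

def is_time_driven(times, min_msgs=5, max_cv=0.1):
    """Time regularity test: low coefficient of variation of the gaps.
    min_msgs and max_cv are assumed thresholds, not values from the paper."""
    if len(times) < min_msgs:
        return False
    g = gaps(times)
    avg = mean(g)
    return avg > 0 and pstdev(g) / avg <= max_cv

def split_traffic(records):
    """Return (time_driven, human_or_event) dictionaries of flows."""
    timed, other = {}, {}
    for key, times in group_flows(records).items():
        (timed if is_time_driven(times) else other)[key] = times
    return timed, other

def period_violations(baseline_times, new_times, tolerance=0.25):
    """Frequency check for a time-driven flow: pairs of consecutive new
    messages whose gap deviates from the baseline median period by more
    than `tolerance` (an assumed fraction of the period)."""
    period = median(gaps(baseline_times))
    return [(a, b) for a, b in zip(new_times, new_times[1:])
            if abs((b - a) - period) > tolerance * period]
```

Flows that fail the regularity test fall into the combined human-driven and event-driven group, which needs a different kind of pattern model than the period check.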

Read the Algorithm section for the full picture!
