Title: On False Data Injection Attack against Building Automation Systems

Abstract: KNX is one popular communication protocol for a building automation system (BAS). However, its lack of security makes it subject to a variety of attacks. We are the first to study the false data injection attack against a KNX based BAS. We design a man-in-the-middle (MITM) attack to change the data from a temperature sensor and inject false data into the BAS. We model a BAS and analyze the impact of the false data injection attack on the system in terms of energy cost. Since the MITM attack may disturb the KNX traffic, we design a machine learning (ML) based detection strategy to detect the false data injection attack using a novel feature based on the Jensen Shannon Divergence (JSD), which measures the similarity of KNX telegram inter-arrival time distributions with attack and with no attack. We perform real-world experiments and validate the presented false data injection attack and the ML based detection strategy. We also simulate a BAS, and show that the false data injection attack has a huge impact on the BAS in terms of power consumption.