The AI4CYBER project is evaluated in three use cases covering three critical sectors: energy, banking and healthcare. In the Energy use case, AI4CYBER is demonstrated on several threat scenarios from the energy sector, including the simulation of an advanced multi-step campaign against the Information Technology (IT) infrastructure of Wide Area Measurement Systems (WAMS), fuzzing attacks against KNX-based devices used in building automation, and adversarial attacks against the detection systems that monitor Open Charge Point Protocol (OCPP)-based Electric Vehicle (EV) charging infrastructure.
One of the AI4CYBER components developed within the Energy use case is the KNXSmartFuzzer, a sub-component of AI4SIM. The first version of the KNXSmartFuzzer implements six cyberattacks against a KNX infrastructure consisting of a KNX/IP gateway and the KNX devices on the bus behind it.
The first implementation of the KNXSmartFuzzer includes the following attacks:
- knx-01-fuzzing-bof: Based on the Boiboite Opener Framework (BOF) by Orange Cyberdefense, this attack sends mutated KNXnet/IP messages to the gateway, aiming to trigger errors in its protocol handling or expose undiscovered vulnerabilities [1].
- knx-02-unauthorized: This attack exploits the absence of authentication in KNXnet/IP by sending commands (e.g. group writes) to the KNX devices without any prior authorization [1].
- knx-03-net-scanning: This attack discovers KNX/IP gateways reachable on the IP network [2].
- knx-04-bus-scanning: Following the knx-03 attack, this attack uses a discovered gateway to scan the KNX bus and enumerate the KNX devices connected to the same physical bus [3].
- knx-05-flooding-valid: This is a Denial of Service (DoS) attack that floods the KNX bus with commands addressed to legitimate KNX devices. The goal is to exhaust the network and computing resources of the KNX system [3].
- knx-06-flooding-invalid: As a variation of knx-05, this DoS attack randomizes the attributes of the KNX messages, so that both valid and invalid targets are addressed [3].
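To make the message shapes behind knx-03 and knx-01 concrete, the following script is an added example written for this page; it is not code from the KNXSmartFuzzer repository or from BOF. It builds the KNXnet/IP SEARCH_REQUEST used for gateway discovery, parses a SEARCH_RESPONSE down to the gateway's individual address and friendly name, and applies one mutation step of the kind a fuzzer performs (bit flip, wrong total length, truncated body) while counting how many mutants a strict header parser rejects. Only the Python standard library is used; the SEARCH_RESPONSE bytes, the 192.0.2.x addresses, the serial number and MAC are constructed for the example, and `discover()` is the only function that touches a live network.

```python
"""KNXnet/IP discovery and mutation helpers (added example, not KNXSmartFuzzer code)."""
import random
import socket
import struct

KNX_HEADER_LEN = 0x06
KNX_PROTO_VER = 0x10
SEARCH_REQUEST = 0x0201
SEARCH_RESPONSE = 0x0202
HPAI_UDP = 0x01
DIB_DEVICE_INFO = 0x01
KNX_MCAST = ("224.0.23.12", 3671)  # KNXnet/IP system setup multicast group and port


def build_hpai(ip: str, port: int) -> bytes:
    """HPAI: structure length 8, host protocol UDP, IPv4 address, UDP port."""
    return struct.pack("!BB4sH", 8, HPAI_UDP, socket.inet_aton(ip), port)


def build_frame(service: int, body: bytes) -> bytes:
    """Prefix a body with the 6-byte KNXnet/IP header carrying the correct total length."""
    return struct.pack("!BBHH", KNX_HEADER_LEN, KNX_PROTO_VER, service,
                       KNX_HEADER_LEN + len(body)) + body


def build_search_request(reply_ip: str, reply_port: int) -> bytes:
    """A SEARCH_REQUEST carries only the HPAI the gateway should answer to."""
    return build_frame(SEARCH_REQUEST, build_hpai(reply_ip, reply_port))


def parse_header(frame: bytes) -> tuple:
    """Return (service, body); raise ValueError on a malformed header."""
    if len(frame) < KNX_HEADER_LEN:
        raise ValueError("frame shorter than KNXnet/IP header")
    hlen, ver, service, total = struct.unpack("!BBHH", frame[:KNX_HEADER_LEN])
    if hlen != KNX_HEADER_LEN or ver != KNX_PROTO_VER:
        raise ValueError(f"bad header length/version {hlen:#x}/{ver:#x}")
    if total != len(frame):
        raise ValueError(f"total length {total} != datagram length {len(frame)}")
    return service, frame[KNX_HEADER_LEN:]


def parse_search_response(frame: bytes) -> dict:
    """Extract the control endpoint and the DEVICE_INFO DIB from a SEARCH_RESPONSE.

    Body: HPAI(8) + DIB DEVICE_INFO(54) = len, type, medium, status, individual
    address(2), project id(2), serial(6), multicast(4), MAC(6), name(30).
    The SUPP_SVC_FAMILIES DIB that follows in real responses is ignored here.
    """
    service, body = parse_header(frame)
    if service != SEARCH_RESPONSE:
        raise ValueError(f"service {service:#06x} is not SEARCH_RESPONSE")
    _, _, ip, port = struct.unpack("!BB4sH", body[:8])
    dib = body[8:]
    if len(dib) < 54 or dib[0] != 54 or dib[1] != DIB_DEVICE_INFO:
        raise ValueError("missing or malformed DEVICE_INFO DIB")
    ia = struct.unpack("!H", dib[4:6])[0]
    return {
        "endpoint": (socket.inet_ntoa(ip), port),
        "individual_address": f"{ia >> 12}.{(ia >> 8) & 0xF}.{ia & 0xFF}",
        "serial": dib[8:14].hex(),
        "name": dib[24:54].split(b"\x00", 1)[0].decode("latin-1"),
    }


def sample_search_response() -> bytes:
    """Constructed SEARCH_RESPONSE as a lab gateway at 192.0.2.10 might send it."""
    dib = struct.pack("!BBBBHH6s4s6s30s",
                      54, DIB_DEVICE_INFO, 0x02, 0x00,   # length, type, medium TP1, status
                      0x1100, 0x0000,                    # individual address 1.1.0, project id
                      bytes.fromhex("00ef260000a1"),     # serial number (constructed)
                      socket.inet_aton("224.0.23.12"),   # routing multicast address
                      bytes.fromhex("00ef26000a1b"),     # MAC address (constructed)
                      b"Lab KNX/IP gateway")             # friendly name, NUL-padded to 30
    return build_frame(SEARCH_RESPONSE, build_hpai("192.0.2.10", 3671) + dib)


def mutate_frame(frame: bytes, rng: random.Random) -> bytes:
    """One knx-01 style mutation: flip a bit, lie about the total length, or
    truncate the body. Each branch guarantees the result differs from the input."""
    buf = bytearray(frame)
    pick = rng.randrange(3 if len(buf) > KNX_HEADER_LEN else 2)
    if pick == 0:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif pick == 1:
        claimed = struct.unpack_from("!H", buf, 4)[0]
        struct.pack_into("!H", buf, 4, (claimed + 1 + rng.randrange(0xFFFF)) & 0xFFFF)
    else:
        del buf[KNX_HEADER_LEN + rng.randrange(len(buf) - KNX_HEADER_LEN):]
    return bytes(buf)


def fuzz_stats(frame: bytes, rounds: int, seed: int = 1) -> dict:
    """Mutate `frame` repeatedly and count how many mutants a strict receiver
    (parse_header) would reject before any service handler sees them."""
    rng = random.Random(seed)
    rejected = 0
    for _ in range(rounds):
        try:
            parse_header(mutate_frame(frame, rng))
        except ValueError:
            rejected += 1
    return {"rounds": rounds, "rejected": rejected, "accepted": rounds - rejected}


def discover(listen_ip: str, timeout: float = 2.0) -> list:
    """Live network use: send one SEARCH_REQUEST to the multicast group and
    collect every gateway that answers within the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.bind((listen_ip, 0))
    sock.settimeout(timeout)
    sock.sendto(build_search_request(listen_ip, sock.getsockname()[1]), KNX_MCAST)
    found = []
    try:
        while True:
            data, _ = sock.recvfrom(1024)
            try:
                found.append(parse_search_response(data))
            except ValueError:
                pass  # not a well-formed SEARCH_RESPONSE; keep listening
    except socket.timeout:
        pass
    sock.close()
    return found


if __name__ == "__main__":
    print(parse_search_response(sample_search_response()))
    print(fuzz_stats(build_search_request("192.0.2.1", 3671), 200))
```

Two points are worth noting. Nothing in the exchange authenticates either side, which is why knx-02 needs no credential: the same HPAI-plus-body framing carries the tunnelling and routing requests that write to group addresses. And the header checks in `parse_header` only filter mutants that break length or version fields; a bit flip inside the body or in the service type code passes straight through to whatever handler the gateway dispatches to, which is exactly the surface a mutation fuzzer is probing.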
For more technical details and practical insights about the implementation of these attacks, as well as for the respective source code, the readers can visit the GitLab repository of the KNXSmartFuzzer v1: https://gitlab.ithaca.ece.uowm.gr/ai4cyber/knxsmartfuzzer-v1
References:
- [1] Claire Vacherot. Sneak into buildings with KNXnet/IP. Nov 2020, Lyon, France. ⟨hal-03022310⟩
- [2] Alessio Antonini, Federico Maggi and Stefano Zanero. A Practical Attack Against a KNX-based Building Automation System. 2014. doi: 10.14236/ewic/ICSCSR2014.7
- [3] V. Graveto, T. Cruz and P. Simões. A Network Intrusion Detection System for Building Automation and Control Systems. IEEE Access, vol. 11, pp. 7968-7983, 2023. doi: 10.1109/ACCESS.2023.3238874
Authors: Christos Dalamagkas (PPC), Panagiotis Radoglou-Grammatikis (UOWM)