BACGraph: Automatic Extraction of Object Relationships in the BACnet Protocol

This work presents BACGRAPH, a tool that extracts relationships among configuration parameters of Building Automation and Control Systems (BACSs) implemented using the BACnet protocol (ISO 16484-5). BACnet models these configuration parameters as object data structures comprised of multiple properties, some of which contain references to other objects. Given the regular exchange of objects among devices, we leverage these explicit references to build a graph of BACnet objects exclusively from network traffic. We tested BACGRAPH using traffic collected from a real building located at the University of Twente. After analyzing 66.8 hours of traffic, the resulting graph is comprised of 13,733 nodes and 3,169 edges. Such a graph improves the system visibility that BACS administrators have over their infrastructure, which is crucial for troubleshooting and security.