{"id":"https://openalex.org/W4405181431","doi":"https://doi.org/10.1145/3658644.3690216","title":"Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing","display_name":"Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181431","doi":"https://doi.org/10.1145/3658644.3690216"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690216","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690216","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690216","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690216","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100333755","display_name":"Yue Zhang","orcid":"https://orcid.org/0000-0002-7786-0231"},"institutions":[{"id":"https://openalex.org/I72816309","display_name":"Drexel University","ror":"https://ror.org/04bdffz58","country_code":"US","type":"education","lineage":["https://openalex.org/I72816309"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yue Zhang","raw_affiliation_strings":["Drexel University, Philadelphia, PA, USA"],"affiliations":[{"raw_affiliation_string":"Drexel University, Philadelphia, PA, USA","institution_ids":["https://openalex.org/I72816309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044255077","display_name":"Zhen Ling","orcid":"https://orcid.org/0000-0001-9691-8702"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Ling","raw_affiliation_strings":["Southeast University, Nanjing, Jiangsu, China"],"affiliations":[{"raw_affiliation_string":"Southeast University, Nanjing, Jiangsu, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038512315","display_name":"Michael Cash","orcid":"https://orcid.org/0000-0002-1020-2736"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Cash","raw_affiliation_strings":["University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001186001","display_name":"Q X Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiguang Zhang","raw_affiliation_strings":["Southeast University, Nanjing, Jiangsu, China"],"affiliations":[{"raw_affiliation_string":"Southeast University, Nanjing, Jiangsu, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028997437","display_name":"Christopher Morales-Gonzalez","orcid":"https://orcid.org/0000-0001-9403-6837"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Morales-Gonzalez","raw_affiliation_strings":["UMass Lowell, Lowell, MA, USA"],"affiliations":[{"raw_affiliation_string":"UMass Lowell, Lowell, MA, USA","institution_ids":["https://openalex.org/I133738476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041088605","display_name":"Wei Sun","orcid":"https://orcid.org/0000-0002-8668-8891"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qun Zhou Sun","raw_affiliation_strings":["University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063375840","display_name":"Xinwen Fu","orcid":"https://orcid.org/0000-0003-2391-7789"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinwen Fu","raw_affiliation_strings":["UMass Lowell, Lowell, MA, USA"],"affiliations":[{"raw_affiliation_string":"UMass Lowell, Lowell, MA, USA","institution_ids":["https://openalex.org/I133738476"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100333755"],"corresponding_institution_ids":["https://openalex.org/I72816309"],"apc_list":null,"apc_paid":null,"fwci":1.0909,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.80441115,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1761","last_page":"1775"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12222","display_name":"IoT-based Smart Home Systems","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9056060314178467},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7765613794326782},{"id":"https://openalex.org/keywords/home-automation","display_name":"Home automation","score":0.5818196535110474},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5597909092903137},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5403632521629333},{"id":"https://openalex.org/keywords/building-automation","display_name":"Building automation","score":0.5136207938194275},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.45317015051841736},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3893592357635498},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.349263072013855},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22227832674980164},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12300395965576172}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9056060314178467},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7765613794326782},{"id":"https://openalex.org/C507571656","wikidata":"https://www.wikidata.org/wiki/Q848436","display_name":"Home automation","level":2,"score":0.5818196535110474},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5597909092903137},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5403632521629333},{"id":"https://openalex.org/C83931994","wikidata":"https://www.wikidata.org/wiki/Q1149653","display_name":"Building automation","level":2,"score":0.5136207938194275},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.45317015051841736},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3893592357635498},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.349263072013855},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22227832674980164},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12300395965576172},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690216","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690216","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690216","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690216","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690216","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690216","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181431.pdf"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W1578767724","https://openalex.org/W1976878954","https://openalex.org/W1999041630","https://openalex.org/W2350778671","https://openalex.org/W2602493532","https://openalex.org/W2613534458","https://openalex.org/W2752929869","https://openalex.org/W2791018263","https://openalex.org/W2795192879","https://openalex.org/W2904810418","https://openalex.org/W2927166905","https://openalex.org/W2947182139","https://openalex.org/W2947814692","https://openalex.org/W2965717902","https://openalex.org/W3015193297","https://openalex.org/W3095263801","https://openalex.org/W3106959425","https://openalex.org/W3111743984","https://openalex.org/W3154121988","https://openalex.org/W3159804869","https://openalex.org/W3164168419","https://openalex.org/W3183842862","https://openalex.org/W3189320827","https://openalex.org/W4220830491","https://openalex.org/W4247255270","https://openalex.org/W4383866927","https://openalex.org/W4388720055","https://openalex.org/W4390811600","https://openalex.org/W4391027367","https://openalex.org/W4391531752","https://openalex.org/W4400997661","https://openalex.org/W4405182272"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W3015874164","https://openalex.org/W2913971432","https://openalex.org/W2597972256","https://openalex.org/W1860767939","https://openalex.org/W2164722262","https://openalex.org/W4200521116","https://openalex.org/W1502755437"],"abstract_inverted_index":{"Building":[0,47],"Automation":[1,48],"Systems":[2],"(BAS)":[3],"play":[4],"a":[5,52,67,72],"pivotal":[6],"role":[7],"in":[8,85,97,174],"modern":[9],"smart":[10,29],"buildings,":[11],"integrating":[12],"sensors,":[13],"controllers,":[14],"and":[15,25,95,106,125,153,186,201],"software":[16],"to":[17,56,136,193],"manage":[18],"crucial":[19],"functions":[20],"such":[21,177],"as":[22,178],"HVAC,":[23],"lighting,":[24],"more.":[26],"The":[27],"global":[28],"building":[30],"market":[31],"is":[32],"on":[33,149,209],"the":[34,37,46,58,138,167,194,199],"rise,":[35],"underscoring":[36],"importance":[38],"of":[39,60,142,171,183],"securing":[40],"BAS":[41,61,63,68,73,76,86,98,151,175],"networks.":[42,62],"This":[43],"paper":[44],"introduces":[45],"System":[49],"Evaluator":[50],"(BASE),":[51],"specialized":[53],"fuzzer":[54],"designed":[55],"assess":[57],"security":[59,169,187],"networks":[64],"typically":[65],"involve":[66],"client":[69],"communicating":[70],"with":[71,102,110],"server":[74,108],"through":[75],"protocols":[77],"(e.g.,":[78],"BACnet,":[79],"KNX),":[80],"each":[81],"presenting":[82],"unique":[83],"challenges":[84,90],"network":[87],"fuzzing.":[88],"These":[89],"encompass":[91],"complex":[92],"packet":[93],"structures":[94],"sequencing":[96],"protocols,":[99],"closed-source":[100],"clients":[101,120],"indeterminable":[103],"code":[104,122],"coverage,":[105],"unobservable":[107],"status":[109],"limited":[111],"throughput.":[112,145],"BASE":[113,148],"automatically":[114],"identifies":[115],"protocol":[116],"structures,":[117],"dynamically":[118],"instruments":[119],"for":[121,128],"coverage":[123,130],"analysis,":[124],"monitors":[126],"responses":[127],"new":[129,157],"areas.":[131],"Collected":[132],"timestamps":[133],"are":[134],"used":[135],"estimate":[137],"input":[139],"scan":[140],"intervals":[141],"servers,":[143],"optimizing":[144],"We":[146,189],"evaluated":[147],"various":[150],"servers":[152],"clients,":[154],"uncovering":[155],"13":[156],"vulnerabilities.":[158],"Furthermore,":[159],"we":[160],"present":[161],"three":[162],"attack":[163],"case":[164],"studies,":[165],"highlighting":[166],"real-world":[168],"implications":[170],"these":[172],"vulnerabilities":[173],"systems,":[176],"delayed":[179],"fire":[180],"detection,":[181],"loss":[182],"climate":[184],"control,":[185],"breaches.":[188],"reported":[190],"our":[191,210],"findings":[192],"respective":[195],"vendors,":[196],"who":[197],"acknowledged":[198],"implications,":[200],"some":[202],"have":[203],"subsequently":[204],"patched":[205],"their":[206],"systems":[207],"based":[208],"reports.":[211]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}