Smart building equipment and automation systems often become a target of attacks and are used for attacking other targets located out of the Home Area Network. Attacks are often related to changes in traffic volume, disturbed packet flow or excessive energy consumption. Their symptoms can be recognized and interpreted locally, using software agent at Home Gateway. Although anomalies are detected locally at the Home Gateway, they can be exploited globally. Thus, it is significantly important to detect global attack attempts through anomalies correlation.