A cybersecurity framework to GUArantee Reliability and trust for Digital service chains (GUARD)
Our solution ensures the security of organizations' digital service chains, despite operating under uncertainty and despite technical and business barriers and limitations. Check out how this is possible.
The GUARD project came out of the current trends in the cybersecurity market and was proposed as a solution to eliminate the most significant barriers to the introduction of modern tools and technologies, mainly in small and medium-sized enterprises. The main objective of the GUARD project was to develop an information system that would enable the reduction of problems and limitations such as:
- inefficient tools for detecting attacks and anomalies in information systems;
- incomplete information, which makes it difficult to detect unknown threats and hacking attacks;
- architecturally and technologically outdated systems for sharing threat information;
- technological and business barriers – e.g., working with a single service provider;
- limited interaction with system users.
What we did
The project has developed a state-of-the-art system for advanced control and protection of trustworthy and reliable business chains (SAPs) spanning multiple domains and infrastructure.
The GUARD system is a platform with security services realized by technologies and algorithms for detecting cyber attacks and identifying new cyber threats. We have applied machine learning methods to large data sets from multiple administrative domains. The platform enables the integration of fine-grained, programmable, and low-cost system monitoring functions. It then combines them, along with anomaly detection methods, into analytics chains (SAPs).
GUARD also supports multi-agent systems – so-called security agents, installed on the client's infrastructure side as well as inside the platform itself. The agents send monitoring data from the analyzed system (or information about detected threats) and communicate with the Security Controller – the module responsible for configuring SAPs. GUARD also has an intelligent interface (Dashboard) used to notify the user of threats and of the current system configuration, and to display information on possible mitigation methods for detected attacks.
NASK was responsible for developing and implementing a module – Net Anomaly Detector (NAD) – for detecting anomalies and unknown attacks in local (client-side) and TCP/IP protocol networks. In addition, we have developed a multi-agent system for monitoring local and wide area networks (Internet) to detect signatures of DDoS attacks.
The GUARD system has been tested in two complex practical scenarios.
The first involves a vehicle fleet management system for private companies or municipalities used for postal services, municipal patrols, food deliveries, etc. The system generates optimal routes in the municipal infrastructure, schedules maintenance and recharging dates, records operating time, etc. The system was developed by Wobcom (a partner in GUARD) and consists of a number of devices and cloud-based applications: an EV Internet bridge developed by JIG, public information services (road maps, traffic conditions, charging stations, etc.), an Orion context broker, a Cygnus data collector, and a fleet management application.
The second scenario involves a medical service system for the treatment plan and clinical pathway of breast cancer patients, hosted by UNITOV (a partner in GUARD). GUARD was tested on original data from the Breast Unit at Policlinico Tor Vergata in Rome (part of UNITOV), collected from several medical facilities. Personal data was anonymized, and homomorphic encryption was used for pseudo-anonymization. Personal data was processed using a neutral code secured in a way that prevented identification.
The system created under the GUARD project was only a prototype of the actual system – work on it will be continued under the new project.
Joanna Kołodziej, NASK’s research team leader and coordinator of the work of the Polish institutions in the GUARD project:
The comprehensive solution developed as part of the GUARD project makes it possible to tailor the optimal tools and methods for detecting threats and anomalies to the requirements of users and the configuration of a specific system right at the stage of the initial analysis of these threats. This raises the level of awareness of potential cyber threats among employees at various levels in the client company’s organizational structure and enables a quick and effective response to these threats.