A cybersecurity framework to GUArantee Reliability and trust for Digital service chains (GUARD)

Our solution ensures the security of organizations' digital service chains. Despite operating under uncertainty, despite technical and business barriers and limitations. Check out how this is possible

Safety lock
Logo of GUARD project

Challenge

The GUARD project was initiated in response to emerging trends on the cybersecurity market, aiming to address the crucial challenges hindering the adoption of modern tools and technologies—particularly among small and medium-sized enterprises.

The main objective of the GUARD project was to develop an information system capable of overcoming several critical limitations, such as:

  • Ineffective tools for detecting cyberattacks and anomalies within information systems
  • Incomplete data, which hampers the identification of unknown threats and hacking attacks,
  • Outdated architectures and technologies for sharing threat intelligence,
  • Technological and business constraints, e.g. a dependency on a single service provider
  • Limited interaction with system users.
Projekty_Guard_ikona
Project leader
Prof. Joanna Kolodziej

What have we done?

The GUARD project has developed a cutting-edge system for advanced control and protection of trustworthy and reliable business chains (SAPs) spanning across multiple domains and infrastructures.

The GUARD system is a platform with security services powered by technologies and algorithms for detecting cyberattacks and identifying new cyber threats. We have applied machine learning techniques on large data sets sourced from multiple administrative domains. The platform enables the integration of fine-grained, programmable, and low-cost system monitoring functions. Then these capabilities – along with anomaly detection methods – are combined into analytics chains (SAPs).

One of the features of the platform is its support for multi-agent systems. These security agents are deployed both within the client’s infrastructure and inside the GUARD platform itself. The agents send monitoring data from the analysed system (or information on detected threats) and communicate with the Security Controller – the module responsible for configuring SAPs. Complementing this, an intelligent interface (Dashboard) notifies users of threats, system configuration updates, and recommended mitigation strategies for detected attacks.

NASK was responsible for developing and implementing the Net Anomaly Detector (NAD) module, designed to detect anomalies and unknown attacks in both local (client-side) networks and TCP/IP protocol-based networks. Additionally, we have developed a multi-agent system for monitoring both local and wide-area networks (the Internet) to identify signatures of DDoS attacks.

The GUARD system has been tested in two complex practical scenarios:

The first involves a vehicle fleet management system for private companies or municipalities used for postal services, municipal patrols, food deliveries, etc. The system generates optimal routes in the municipal infrastructure, schedules maintenance and recharging dates, records operating time, etc. The system was developed by Wobcom (a partner in GUARD) and consists of a number of devices and cloud-based applications: an EV Internet bridge developed by JIG, public information services (road maps, traffic conditions, charging stations, etc.), an Orion context broker, a Cygnus data collector, and a fleet management application.

The second scenario involves a medical service system for the treatment plan and clinical pathway of breast cancer patients, hosted by UNITOV (a partner in GUARD). GUARD was tested on original data from the Breast Unit at Policlinico Tor Vergata in Rome (part of UNITOV), collected from several medical facilities. Personal data was anonymized, and homomorphic encryption was used for pseudo-anonymization. Personal data was processed using a neutral code secured in a way that prevented identification.

The system created under the GUARD project was only a prototype of the actual system – work on it will be continued under the new project.

Joanna Kołodziej, NASK’s research team leader and coordinator of the work of the Polish institutions in the GUARD project:

The comprehensive solution developed as part of the GUARD project makes it possible to tailor the optimal tools and methods for detecting threats and anomalies to the requirements of users and the configuration of a specific system right at the stage of the initial analysis of these threats. This raises the level of awareness of potential cyber threats among employees at various levels in the client company’s organizational structure and enables a quick and effective response to these threats.

More information about the project can be found here and on the project website.