RegSOC

Regional Cybersecurity Center

The “Regional Cybersecurity Center” (RegSOC) project aims to enhance the level of digital security in the public sector by preparing and launching a prototype cybersecurity center for public entities, with the potential for expansion to non-public entities.

The primary research focus of the project is to expand data sources on network events and develop solutions for more effective threat detection. In addition to commonly used methods, the project will incorporate anomaly analysis in network traffic, analysis of public textual sources, and spam campaign detection. Beyond technical solutions, the project emphasizes the establishment of communication channels and defines communication protocols among entities at the regional and central levels involved in building cybersecurity. This will enable a higher level of security, introduce procedures to reduce the likelihood of adverse events, and develop methods for broader protection against their impacts. The project will create a model solution that can subsequently be adapted and expanded to other regions in Poland.

Project Manager at the Institute of Innovative Technologies EMAG – Dr. hab. Eng. Andrzej Białas, Associate Professor at EMAG

Specific Project Objectives:

  • Development of a hardware-software solution used at the client endpoint – the connection point where the entity’s internal network connects to the public network (client-side – local).
  • Development of an organizational system and software for the operation of regional cybersecurity centers, integrating client devices from a given area (regional compone
  • Development of integration mechanisms for regional centers (RegSOC) with the central entity – CSIRT NASK and the National Cybersecurity Platform

The project is implemented by a consortium consisting of: Wrocław University of Science and Technology (Leader), the Research and Academic Computer Network – National Research Institute (NASK-PIB), and the Łukasiewicz Research Network – Institute of Innovative Technologies EMAG.

The project implementation is divided into a research phase and a deployment preparation phase, comprising a total of 7 tasks.
Wrocław University of Science and Technology is responsible for developing the regional solution (platform and organizational and operational procedures), threat analysis methods and prototyping, as well as preparation for deployment.
NASK-PIB is responsible for developing integration mechanisms at the central level (procedural and technical) and participates in the development of regional solutions. It also supports communication and collaboration with NC Cyber and CERT Polska.
Łukasiewicz Research Network – Institute of Innovative Technologies EMAG is responsible for incorporating the requirements of non-public entities and participates in the development of threat analysis methods.

Project Outcomes

Technological Solutions:

  • Client-specific digital-hardware solution dedicated to public institutions,
  • Digital security monitoring platform for RegSOC,
  • Organizational and procedural model for the operation of regional centers in collaboration with CSIRT NASK, along with internal software integrating RegSOC with the NPC.

Implementation Outcomes:

  • The model RegSOC center at Wrocław University of Science and Technology, with client components implemented at interested institutions.
  • Project implementation report indicating the technical and economic potential for wide market deployment (including international) of the developed solution.

Project Implementation Benefits:

  • Savings resulting from replacing commercial solutions in the public sector with the system developed within this project,
  • Improving the quality and reliability of digital public services and enabling the provision of more advanced forms of them,
  • Savings from avoiding administrative fines and compensation costs resulting from data security breaches,
  • Easier, more efficient and uninterrupted use of a range of digital public services available to citizens and companies in contacts with e-administration,
  • Easier access to public administration services, improved image of the office.

The project is funded by the National Centre for Research and Development as part of the second competition of the CyberSecIdent program – Cybersecurity and e-Identity.

Summary:

Project start date: March 1, 2018
Project end date: February 28, 2021
Project leader: Wrocław University of Science and Technology
Project value: 12,779,289 PLN, including 12,739,809 PLN in funding

Publications:

  1. Białas A., Michalak M., Flisiuk B.: Anomaly Detection in Network Traffic Security Assurance, in Proceedings of the 14th International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, Advances in Intelligent Systems and Computing, vol. 987, pp. 46-56, 2020. (https://link.springer.com/chapter/10.1007/978-3-030-19501-4_5)
  2. Michalak M., Wawrowski Ł., Sikora M., Kurianowicz R., Kozłowski A., Białas A.: Outlier Detection in Network Traffic Monitoring, in Proceedings of the 10th International Conference on Pattern Recognition Applications and Methods – Volume 1: ICPRAM, ISBN 978-989-758-486-2, pp. 523-530, 2021. (https://www.scitepress.org/Papers/2021/102382/102382.pdf)
  3. Michalak M., Wawrowski Ł., Sikora M., Kurianowicz R., Kozłowski A., Białas A.: Open-source-based Environment for Network Traffic Anomaly Detection, in Proceedings of the 16th International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, Advances in Intelligent Systems and Computing, vol. 1389, pp. 284-295, 2021. (https://link.springer.com/chapter/10.1007/978-3-030-76773-0_28)
  4. Wawrowski Ł., Michalak M., Białas A., Kurianowicz R., Sikora M., Uchroński M., Kajzer A.: Detecting Anomalies and Attacks in Network Traffic Monitoring with Classification Methods and XAI-based Explainability, Procedia Computer Science, vol. 192, pp. 2259-2268, 2021. (https://www.sciencedirect.com/science/article/pii/S1877050921017361)

Available Datasets:

RegSOC-KES2021 (https://chmura.ibemag.pl/share.cgi?ssid=0ZJYGJK)
