Article

Title

SCADvanceXP—an intelligent Polish system for threat detection and monitoring of industrial networks

Authors

[ 1 ] ICT Security Department, Poznan Supercomputing and Networking Center (PSNC) affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Poland | [ 2 ] CTO, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland | [ 3 ] R&D Department, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland | [ 4 ] ICT Security Department, Poznań Supercomputing and Networking Center (PSNC), affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Jana Pawła II 10, 61-139, Poznań, Poland | [ 5 ] Institute of Computing Science, Poznań University of Technology, Piotrowo 2, 60-965, Poznań, Poland | [ 6 ] Data Processing Technologies Division, Poznań Supercomputing and Networking Center (PSNC), affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Z. Noskowskiego 12/14, 61-704, Poznań, Poland

Year of publication

2024

Published in

Security and Defence Quarterly

Journal year: 2024 | Journal volume: vol. 48 | Journal number: no. 4

Article type

scientific article

Publication language

English

Keywords
EN
  • anomaly detection
  • cybersecurity
  • industrial networks
  • intrusion detection systems
  • malware
Abstract

EN SCADvanceXP is an industrial network intrusion detection system that scans and monitors data exchange between engineering stations, field devices, controllers, supervisory control and data acquisition (SCADA), and other elements of the operational technology network in detail. SCADvanceXP has the potential to detect advanced attacks on industrial infrastructures with the use of rule-based, signature-based, and behavioural detection methods, which are supported by sophisticated machine and deep learning models. As a system developed in Poland, it addresses the needs of industry in that region of Europe. The goal of this work was to assess SCADvanceXP’s potential to detect common industrial threats. In order to check SCADvanceXP’s potential, an effort was undertaken to evaluate its functionality on major industrial threats. For that purpose, twelve malware strains interfering with industrial systems were described. Later, the SCADvanceXP functionality was overlapped on malware behavioural and detection markers, pointing out exact mechanisms in SCADvanceXP that would detect analysed threats. The results show that SCADvanceXP is able to detect a wide range of attacks on industrial networks. SCADvanceXP’s rich functionality is able to provide a high standard of security. However, if a threat is affecting systems not directly connected with industrial networks, SCADvanceXP will not be able to detect it. SCADvanceXP only monitors industrial systems; hence, corporate networks must be protected by a different solution to provide the required level of security. Nonetheless, SCADvanceXP is dedicated to operating within industrial networks and does not have access to regular IT networks. It can be concluded that SCADvanceXP is a specialist tool providing desired security for industrial networks.

Date of online publication

03.03.2024

DOI

10.35467/sdq/177655

URL

https://securityanddefence.pl/SCADvanceXP-an-intelligent-Polish-system-for-threat-detection-and-monitoring-of-industrial,177655,0,2.html

Comments

Corresponding author Mateusz Grzegorz Twardawa. Online first.

License type

CC BY (attribution alone)

Open Access Mode

open journal

Open Access Text Version

final published version

Release date

03.03.2024

Access level to full text

public

Ministry points / journal

70