Joint Standardisation Workshop of Dynamic Countering of Cyber-Attacks Projects


Updated 27th January 2021

Last Friday, January 22nd of 2021, CyberSANE project hosted the first Joint Standardisation Workshop along with projects from the SU-ICT-01-2018 H2020 call, whose main topic is Dynamic countering of cyber-attacks: C4IIoT, CARAMEL, GUARD, SAPPAN, SIMARGL, and SOCCRATES.

The workshop started with a round of presentations led by Manos Athanatos from FORTH, Standardisation and liaison activities leader of CyberSANE project, where each of the 38 participants stated their affiliation, their role in each one of the projects, and their main expectations for the workshop. After a warm welcome and short presentation on the objectives, each project held a 30-min presentation highlighting their objectives, progress and standardisation approach, as it follows:

  • CyberSANE | Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures, by Elma Kalogeraki from UBITECH

  • C4IIoT | Cyber security 4.0: protecting the Industrial IoT, by Giorgos Vasiliadis from FORTH and Dusan Jakovetic from Univerzitet u Novom Sadu

  • CARAMEL | AI-based cybersecurity for connected and automated vehicles, by Peter Hofmann from DT-Sec

  • SAPPAN | Sharing and Automation for Privacy-Preserving Attack Neutralization, by Benjamin Heitmann from Fraunhofer

  • SIMARGL | Secure Intelligent Methods for Advanced Recognition of malware and stegomalware, by Michal Choras from FernUniversität

  • SOCCRATES | SOC & Csirt Response to Attacks & Threats based on attack defence graphs Evaluation Systems, by Reinder Wolthuis and Frank Fransen from TNO

After the projects presentations, Cybersecurity Research Dr Vasileios Mavroeidis from the University of Oslo held a Keynote talk focused on how to approach and conduct standardisation activities within the context of EU research projects, guiding the following open discussion between the different representatives from the projects. During the ideation session, a number of common standardisation activities to pursue were identified. In order to coordinate and reassess the progress, it was agreed that at least two more workshops will be held during 2021.

If you are interested in knowing more about this topic, or how to collaborate with CyberSANE, please contact Manos Athanatos or Ana María Morales for dissemination purposes.

Who is C4IIoT?

C4IIOT will design, build and demonstrate a novel and unified Cybersecurity 4.0 framework that implements an innovative IoT architecture paradigm to provide an end-to-end holistic and disruptive security-enabling solution for minimizing the attack surfaces in Industrial IoT systems. C4IIOT bridges cyber assurance and protection, machine (deep) learning (ML/DL), edge/cloud computing, blockchain and Big Data technologies to provide a viable scheme for enabling security and accountability, preserving privacy, enabling reliability and assuring trustworthiness within evolving IIoT applications and processes (e.g. automotive). C4IIOT novel cybersecurity mechanisms are carefully orchestrated across all infrastructure elements involved within an IIoT system (e.g., IIoT devices, field gateways, cloud resources) and is based upon analysis of various data flows (e.g., IIoT device data, encrypted network flows).


CARAMEL is a project that aims to introduce an innovative anti-hacking intrusion detection/prevention systems for the European automotive industry. Their goal is to proactively address modern vehicle cybersecurity challenges applying advanced Artificial Intelligence (AI) and Machine Learning (ML) techniques and also to continuously seek methods to mitigate associated safety risks.
In order to address cybersecurity considerations for the already here autonomous and connected vehicles, well-established methodologies coming from the ICT sector will be adopted, allowing to assess vulnerabilities and potential cyberattack impacts. Although past initiatives and cybersecurity projects related to the automotive industry have reached to security assurance frameworks for networked vehicles, several newly introduced technological dimensions like 5G, autopilots, and smart charging of Electric Vehicles (EVs) introduce cybersecurity gaps, not addressed satisfactorily yet. Considering the entire supply chain of automotive operations, CARAMEL targets to reach commercial anti-hacking IDS/IPS products for the European automotive cybersecurity and to demonstrate their value through extensive attack and penetration scenarios.

Who is GUARD

GUARD is a cybersecurity framework to Guarantee Reliability and trust for Digital service chains. They aim to design a holistic framework for advanced end-to-end assurance and protection of business service chains. GUARD also aims to improve the detection of attacks and identification of new threats as well as develop fine-grained, programmable and low-overhead monitoring, inspection and enforcement systems. Further to improving awareness and reactions to incidents, GUARD aims to elaborate new business models for commercial exploitation after the project lifetime.


SAPPAN aims to develop a platform for sharing and automation to enable privacy preserving and efficient response and recovery utilizing advanced data analysis and machine learning. They will provide a cyber threat intelligence system that decreases the effort required by a security analyst to find optimal responses to and ways to recover from an attack. This will be enabled within a single organization as well as across organisations through novel models for privacy-preserving data processing and sharing. SAPPAN will also enable a European level perspective on advanced cyber security threats detection, response, and recovery making four key contributions that go beyond existing approaches: (1) privacy-preserving aggregation and data analytics including advanced client-side abstractions; (2) federated threat detection based on sharing of anonymised data and sharing of trained machine learning models; (3) standardisation of knowledge in the context of incident response and recovery to enable reuse and sharing; (4) visual, interactive support for Security Operation Center operators. SAPPAN aims to provide solutions for public international institutions and multinational companies who want to enrich their Situational Awareness by sharing cyber security intelligence as well as solutions for small and midsize companies enabling them to outsource intrusion detection.


SIMARGL is a project co-funded by the European Commission under Horizon 2020 programme, to combat the pressing problem of malware. It aims to tackle the new challenges in the cybersecurity field, including information hiding methods, network anomalies, stegomalware, ransomware and mobile malware. SIMARGL will offer an integrated and validated toolkit improving European cybersecurity. The cutting-edge of the proposed solution stems from the development of a more general approach, one that has the ability to counteract the new, complex malware. SIMARGL will use breakthrough methods and algorithms to analyze the data from networks, such as: concept drift detectors, advanced signal processing and transformations, lifelong learning intelligent systems (LLIS) approach, hybrid classifiers, and deep learning, just to mention some techniques.


SOCCRATES aims to develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) of individual organisations and offered by Managed Security Service Providers (MSSP). They will significantly improve their capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks by using this platform. The platform contains innovative solutions to automated infrastructure modelling, improve attack detection, Cyber Threat Intelligence utilization, AI and machine learning based threat trend prediction, and automation using Attack Defence Graphs (ADG) and business impact modelling to aid human analysis and decision making on the best course of action, enabling the execution of defensive actions at machine-speed.

Leave a Reply

Your email address will not be published.