

Advanced System for the Detection of Persistent Cyberattacks in Industry 4.0

Project Overview: 

The problem of cybersecurity in industrial control environments is becoming increasingly important. These types of systems have gone from being isolated to being Internet-connected, and are thus exposed to the dangers and threats that affect more open networks. Moreover, the digitization of industry and the rapid growth of paradigms such as Industry 4.0 (I4.0) and the Industrial Internet of Things (IIoT), in which physical objects and other processes are seamlessly integrated into the information network, create new potential vulnerabilities and attack vectors, making industrial environments even more exposed than before. As one of the tenets of these paradigms is the creation of a virtual copy of the real world, one of the strategies that can be used to protect them is to provide services that are able to monitor the behavior of this virtual world at all times.

To achieve this goal, it is essential to understand the risks associated with the technological pillars of I4.0 and IIoT, such as the Internet of Things (IoT) and Cyber-Physical Systems (CPS). In theory, these technologies allow the creation of an interoperable and modular environment, where all actors connect and communicate with each other, making decisions on their own. In practice, there are many hurdles to overcome, such as the combination of heterogeneous technologies and standards with multiple protocols and access policies. In parallel, we must also consider that the possible attacks in industrial environments have become even more complex, and Advanced Persistent Threats (APTs) are increasingly common.

Consequently, the main objective of the SADCIP project is the development of an advanced detection system capable of dealing with APTs and other threats in the context of modern industrial control systems, taking into account the specific characteristics of Industry 4.0[1] and related paradigms, plus its integration with IoT and CPS technologies[2][3]. For this purpose, NICS has developed a modular and extensible architecture where multiple cooperative and distributed detection systems can be integrated. This architecture has been instantiated and deployed in real-world scenarios in collaboration with the cybersecurity company S2Grupo. From this collaboration, multiple approaches have already been proposed in the literature[4][5][6] to detect APT attacks in real time in IT-OT (Information Technologies-Operational Technologies) domains.

Note that many of the internal proofs (e.g., the implementation of cyber-attacks and the detection framework) carried out by NICS Lab in SADCIP have also been validated and tested in the I4Testbed laboratory. In addition, the results of the project have been very varied, covering protection[7][8][9][3], attack detection[2][1][10][6], tracking[4][5] and resilience[11][12][13][14], as also indicated in the references section below.

Project RTC-2016-4847-8 funded by:


  1. Juan E. Rubio and Rodrigo Roman and Javier Lopez (2018): Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection. In: The 12th International Conference on Critical Information Infrastructures Security, pp. 119-130, Springer, 2018.
  2. Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez (2019): Current Cyber-Defense Trends in Industrial Control Systems. In: Computers & Security Journal, vol. 87, 2019, ISSN: 0167-4048.
  3. Javier Lopez and Cristina Alcaraz and Jesús Rodriguez and Rodrigo Roman and Juan E. Rubio (2017): Protecting Industry 4.0 against Advanced Persistent Threats. In: European CIIP Newsletter, vol. 11, no. 1, pp. 27-29, 2017.
  4. Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang (2019): Tracking APTs in Industrial Ecosystems: A Proof of Concept. In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
  5. Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang (2018): Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics. In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer, Barcelona, Spain, 2018.
  6. Cristina Alcaraz and Jesús Rodriguez and Rodrigo Roman and Juan E. Rubio (2017): Estado y Evolución de la Detección de Intrusiones en los Sistemas Industriales. In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), 2017.
  7. Javier Lopez and Juan E. Rubio (2018): Access control for cyber-physical systems interconnected to the cloud. In: Computer Networks, vol. 134, pp. 46-54, 2018, ISSN: 1389-1286.
  8. Juan E. Rubio and Cristina Alcaraz and Javier Lopez (2018): Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks. In: 9th IFIP International Conference on New Technologies, Mobility & Security, 2018.
  9. Cristina Alcaraz and Javier Lopez and Stephen Wolthusen (2017): OCPP Protocol: Security Threats and Challenges. In: IEEE Transactions on Smart Grid, vol. 8, pp. 2452-2459, 2017, ISSN: 1949-3053.
  10. Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez (2017): Analysis of Intrusion Detection Systems in Industrial Ecosystems. In: 14th International Conference on Security and Cryptography (SECRYPT 2017), pp. 116-128, SciTePress, 2017, ISBN: 978-989-758-259-2.
  11. Cristina Alcaraz and Javier Lopez (2018): A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability. In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
  12. Javier Lopez and Juan E. Rubio and Cristina Alcaraz (2018): A Resilient Architecture for the Smart Grid. In: IEEE Transactions on Industrial Informatics, vol. 14, pp. 3745-3753, 2018, ISSN: 1551-3203.
  13. Cristina Alcaraz (2017): Resilient Industrial Control Systems based on Multiple Redundancy. In: International Journal of Critical Infrastructures (IJCIS), vol. 13, no. 2/3, pp. 278-295, 2017, ISSN: 1741-8038.
  14. Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo (2017): Resilient Interconnection in Cyber-Physical Control Systems. In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.