Mixeway system increases telecommunications security

A graphic showing a man holding a finger on a virtual padlock

photo pixabay.com, author: Gerd Altmann

Grzegorz Siewruk, PhD Eng., from the Warsaw University of Technology designed and built the Mixeway system, increasing the security of applications operating in the infrastructure of telecommunications operators.

The tool is the result of an implementation doctorate realized under the supervision of Prof. Wojciech Mazurczyk from the Faculty of Electronics and Information Technology at WUT. This is the first implementation doctorate defended in this faculty, and with honours.

– Our research included an analysis of the use of machine learning mechanisms to classify the security vulnerabilities detected by software testing solutions – says Prof. Wojciech Mazurczyk. – We looked for answers where there are gaps, and then we tried to develop a mechanism that will allow to determine which of the detected problems need improvement, and which are merely false alarms – he explains. More than 10,000 resources were checked, including web applications and source code repositories, where more than 40,000 vulnerabilities were detected.

The system has already been implemented in Orange Polska and it turned out that thanks to it the necessary security tests can be carried out more than 30 times more often, and the time of delivery of the report to the development team was shortened by more than 90%.

Photo of Grzegorz Siewruk, PhD Eng.

Grzegorz Siewruk, PhD Eng.

– Mixeway is such an orchestrator of all tools possessed by the telecommunications operator, allowing for automatic verification of security in ICT systems – explains Grzegorz Siewruk, PhD Eng.

– One can say that it is the safety conductor of the whole set of tools that guard the effectiveness of the implementation of new versions of the application – he concludes.

The tool has already won two awards, and the results of the research were used in the work "Context-Aware Software Vulnerability Classification Using Machine Learning" and presented at industry conferences: PLNOG19, What The H@ck 2019, Advanced Threat Summit 2020. PLNOG19, What The H@ck 2019, Advanced ˙Threat Summit 2020.

More information on the website of the Faculty of Electronics  and Information Technology