• BUSINESS & “INDUSTRY 4.0”

    Security related BPMN-extensions for RPA

    Industry 4.0, Vol. 8 (2023), Issue 3, pg(s) 81-82

    Direct Robotic process automation (RPA) has received a lot of attention because of the increasing demand for solutions to improve the efficiency of business processes in an organization. With RPA, organizations can develop robots that automate a large number of processes. However, despite its relevance, RPA is a relatively young field and many of its concepts remain open to discussion. One of the primary tasks in creating a robot is the identification of threats at the design stage, which reduces the number of possible attacks, identifying vulnerabilities, thereby increasing the security of the robot itself. The increasing use of RPA-based solutions in mission-critical systems has created a need and interest in assessing their threats. The foundation for successful creation, launch and use of a secure RPA-based solution would be application of classical design techniques and evaluating the risks on all SDLC cycle stages. But in order to perform this appropriate tools taking into consideration the specific nuances of the domain area are needed. BPMN notation, used for describing business processes can be seen as a good candidate for designing RPA solutions. However, BPMN is not able to cover the description of all aspects in the robot process, namely, issues related to the specifics of RPA security remain unaccounted for. This study analyses business process notation (BPMN) as a modelling tool for the design of automated processes in RPA, proposes an approach for defining securityrelated extensions of BPMN using its own extension mechanism, that can be used for risk analysis on different SDLC stages.

  • Investigation of AWSCTD dataset applicability for malware type classification

    Security & Future, Vol. 2 (2018), Issue 2, pg(s) 83-86

    Nowadays, information systems security is a crucial aspect – vulnerable system endpoint can lead to severe data loss. Intrusion detection systems (IDS) are used to detect such unfortunate events. Implementation place defines the type of IDS: network-based (NIDS) for network traffic monitoring or host-based (HIDS), to detect malicious actions on the host level. IDS can be effective only if generated alerts are correctly evaluated and classified, what is typically done by a trained staff, but requires a lot of time and human resources. While a lot research is done with NIDS alerts evaluation, HIDS research is lacking behind. HIDS reported operating system calls could be used to define the importance of alarms and steer analysts to the most critical issues. In this article we demonstrate the applicability of our created Attack-Caused Windows System Calls Traces Dataset (AWSCTD), which is currently the most comprehensive dataset of system calls generated by almost all modern malware types, for training different classification methods on malware type recognition and later alert prioritization. The effectiveness of different classification methods is evaluated, and results are presented. Currently achieved results allow to decrease the load on analytical staff, dealing with malware classification and related alert prioritization by 92.4%, which makes this approach applicable for practical use.