In the Centre for Cyber Security, we have a range of expertise covering a variety of security aspects. Our research is driven by end-user need, and a common theme running through it is the use of Artificial Intelligence and Machine Learning to provide technologies that deliver security and efficiency improvements to the end-user. Below are some of our key areas of research.

Vulnerability detection

Detecting vulnerabilities in computing systems is of key importance, both to minimise the methods of attack available and to take corrective measures. However, processing large volumes of configuration and system-generated data is time-consuming and requires specialised knowledge to identify the ‘needle in the haystack’. In the CCS, we are developing novel methods to autonomously detect security vulnerabilities efficiently with minimal end-user involvement; for example, applying unsupervised machine learning techniques to identify weaknesses in access control policies.
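To make the access control example concrete, the following is an added illustration of one unsupervised approach, not the Centre's own method or code. It encodes each principal's grants as a set of (resource, action) pairs, scores each principal by how dissimilar its grant set is from its nearest peers (mean Jaccard distance to the k closest principals), and flags principals whose score is unusually high. The policy entries, principal names and paths are constructed sample data, and the threshold rule (mean plus 1.5 standard deviations) is an assumed heuristic chosen for illustration.

```python
"""Unsupervised outlier detection over access control entries.

Illustrative example only (not the Centre's method).  A principal whose
set of grants looks unlike every other principal's is a candidate for
review: it may be an over-privileged service account, a stale grant, or
a mis-scoped role.  The scoring is unsupervised: no labelled examples of
"bad" entries are needed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample policy: (principal, resource, action).  Not real data.
POLICY = [
    ("alice", "/finance/ledger", "read"),
    ("alice", "/finance/reports", "read"),
    ("bob", "/finance/ledger", "read"),
    ("bob", "/finance/reports", "read"),
    ("carol", "/finance/ledger", "read"),
    ("carol", "/finance/reports", "read"),
    ("carol", "/finance/reports", "write"),
    ("dave", "/hr/records", "read"),
    ("dave", "/hr/payroll", "read"),
    ("erin", "/hr/records", "read"),
    ("erin", "/hr/payroll", "read"),
    # A service account that has accumulated grants across every team.
    ("svc-backup", "/finance/ledger", "read"),
    ("svc-backup", "/finance/reports", "read"),
    ("svc-backup", "/hr/records", "read"),
    ("svc-backup", "/hr/payroll", "read"),
    ("svc-backup", "/hr/payroll", "write"),
    ("svc-backup", "/etc/shadow", "read"),
    ("svc-backup", "/etc/shadow", "write"),
    ("svc-backup", "/root", "read"),
]


def grant_sets(policy):
    """Group policy rows into {principal: {(resource, action), ...}}."""
    sets = defaultdict(set)
    for principal, resource, action in policy:
        sets[principal].add((resource, action))
    return dict(sets)


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; 0.0 for two identical (or two empty) sets."""
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)


def outlier_scores(sets, k=2):
    """Score each principal by mean Jaccard distance to its k nearest peers.

    A low score means at least k other principals hold a very similar set
    of grants (a normal role); a high score means nobody else looks like it.
    """
    names = sorted(sets)
    scores = {}
    for n in names:
        dists = sorted(jaccard_distance(sets[n], sets[m]) for m in names if m != n)
        nearest = dists[:k]
        scores[n] = sum(nearest) / len(nearest) if nearest else 0.0
    return scores


def flag_outliers(scores, factor=1.5):
    """Flag principals scoring above mean + factor * population std dev.

    Assumed heuristic threshold for illustration; a real deployment would
    tune the factor (or use a robust statistic) against the policy size.
    """
    vals = list(scores.values())
    threshold = mean(vals) + factor * pstdev(vals)
    return sorted(n for n, s in scores.items() if s > threshold)


def review_candidates(policy=POLICY):
    """Full pipeline: policy rows -> principals flagged for manual review."""
    return flag_outliers(outlier_scores(grant_sets(policy)))


if __name__ == "__main__":
    for name, score in sorted(outlier_scores(grant_sets(POLICY)).items()):
        print(f"{name:12s} {score:.3f}")
    print("review:", review_candidates())
```

On the constructed policy, the five staff accounts fall into two tight clusters (finance readers and HR readers) and score low, while `svc-backup`, which resembles nobody, is the only principal returned for review. The point of the unsupervised framing is that the analyst never had to state in advance what an over-broad grant looks like.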

Event processing and analysis

Processing system security events is a fundamental aspect of Security Information and Event Management (SIEM) software. Event data is a rich source of information detailing security activity within IT systems, for example for establishing malicious user behaviour and identifying malicious software. However, large IT systems generate such high volumes of events that searching them for important information is challenging. In the Centre, we are developing new mechanisms for processing large volumes of events, with the aim of producing techniques that are both efficient and accurate. As a result of our recent research, we have developed new anomaly detection mechanisms based on graph and statistical analysis techniques.
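The following added example shows, in miniature, what combining graph and statistical analysis over event data can look like; it is illustrative code written for this page, not the Centre's mechanism. It parses a handful of constructed authentication events, builds a bipartite user-to-host graph, and flags users whose fan-out (distinct hosts contacted) or failure count is an outlier under a robust median-plus-MAD threshold. The log format, host names, user names and threshold factor are all assumptions made for the example.

```python
"""Anomaly detection over authentication events: graph + statistics.

Illustrative example only (not the Centre's mechanism).  Two views of the
same events are scored:
  * graph view: each user's degree in the user->host bipartite graph
    (how many distinct hosts the user authenticated to);
  * statistical view: each user's count of failed authentications.
Outliers are found with a robust threshold (median + factor * MAD) so that
the anomalous user does not drag the threshold up with it.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed sample events in an assumed key=value format.  Not real logs.
EVENTS = """\
2024-05-01T08:00:01 auth user=alice host=web01 result=success
2024-05-01T08:00:05 auth user=alice host=web01 result=success
2024-05-01T08:01:10 auth user=bob host=db01 result=success
2024-05-01T08:02:00 auth user=bob host=db01 result=failure
2024-05-01T08:03:30 auth user=carol host=web02 result=success
2024-05-01T08:04:00 auth user=carol host=web02 result=success
2024-05-01T08:05:00 auth user=dave host=web01 result=success
2024-05-01T08:05:10 auth user=dave host=web02 result=success
2024-05-01T08:06:00 auth user=mallory host=web01 result=failure
2024-05-01T08:06:01 auth user=mallory host=web02 result=failure
2024-05-01T08:06:02 auth user=mallory host=db01 result=failure
2024-05-01T08:06:03 auth user=mallory host=db02 result=failure
2024-05-01T08:06:04 auth user=mallory host=app01 result=failure
2024-05-01T08:06:05 auth user=mallory host=app02 result=success
this line is deliberately malformed and must be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) host=(?P<host>\S+) result=(?P<result>\S+)$"
)


def parse_events(lines):
    """Parse well-formed lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def user_host_graph(events):
    """Bipartite adjacency {user: {host, ...}} built from the events."""
    graph = defaultdict(set)
    for e in events:
        graph[e["user"]].add(e["host"])
    return dict(graph)


def failure_counts(events, users):
    """Failed authentications per user (zero for users with none)."""
    counts = {u: 0 for u in users}
    for e in events:
        if e["result"] == "failure":
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


def robust_outliers(metric, factor=3.0):
    """Keys whose value exceeds median + factor * MAD.

    When the MAD is zero (most users identical, a common shape for security
    metrics) fall back to the mean absolute deviation so a single extreme
    value is still visible.  The factor is an assumed tuning constant.
    """
    vals = list(metric.values())
    med = median(vals)
    mad = median(abs(v - med) for v in vals)
    spread = mad if mad > 0 else sum(abs(v - med) for v in vals) / len(vals)
    threshold = med + factor * spread
    return sorted(k for k, v in metric.items() if v > threshold)


def detect_anomalies(lines=EVENTS):
    """Return users flagged by each view: {"fan_out": [...], "failures": [...]}."""
    events = parse_events(lines)
    graph = user_host_graph(events)
    degree = {u: len(hosts) for u, hosts in graph.items()}
    failures = failure_counts(events, graph)
    return {"fan_out": robust_outliers(degree), "failures": robust_outliers(failures)}


if __name__ == "__main__":
    print(detect_anomalies())
```

Both views single out `mallory` on the constructed data: the graph view because that one account touches six hosts where every other account touches one or two, and the statistical view because of five failures against at most one elsewhere. Running the two together is what gives the technique its value, since a legitimate administrator can have a high fan-out and a user with a forgotten password can have many failures, but the intersection is a much smaller set to examine.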

Knowledge extraction and planning

It is widely acknowledged that in the field of cyber-security there is a distinct lack of subject experts to perform security analysis and configuration tasks. This is highly problematic and has resulted in a global shortage of experts and some of the highest salaries in the IT sector, leaving some organisations unable to source or afford the expertise necessary to protect business-essential IT infrastructure. In the Centre, we are aiming to close the knowledge gap within cyber-security, and we are developing a novel mechanism to extract key security action knowledge from available system sources, store it for distribution, and enable it to be utilised by non-experts. We have developed the capability to autonomously extract useful information from high volumes of events that detail a system’s security state, and to infer causal relationships across disparate event sources.

Digital Forensics

In the Centre, we undertake research in conducting digital forensic investigations in complex computing environments such as the Internet of Things and cloud computing, as well as security challenges around emerging technologies such as unmanned aerial vehicles (UAVs), blockchain and cryptocurrency. One key strength of our research is in the application of signature detection schemes to these environments to assist with the identification and acquisition of digital evidence.

Cryptography

Centre researchers are focused on practical cryptography (the development of cryptographic primitives and protocols that are efficient and practically applicable), secure distributed computing, and distributed ledgers. I have produced work on practical homomorphic encryption for secure distributed computation, a simple and efficient provably secure order-preserving encryption system, a searchable encryption primitive, and result verification for MapReduce computations.

Cloud and Network Security

Improvements in the security of Cloud Computing are being developed through multi-party authentication frameworks for dynamic authentication interactions in distributed environments. Efforts in network security also focus on cybersecurity issues in the Industrial Internet of Things (IIoT), looking at novel detection models for sophisticated threats. Our research is having a broad impact on the theory and practice of networking; most of it is focused on keeping security a priority when moving applications and data to the cloud, which is a fundamental topic for the Internet of Things (IoT).