Department: School of Computing
October, February and April
Applications accepted all year round
The work on this project could involve:
- Development of a new set of cyber risk metrics more relevant to modern-day cyber security incidents
- Definition of a secure model of cyber incident experience-sharing, which will be validated using cyber security incidents datasets
- Definition and application of ensemble machine learning techniques to formalise the experience sharing model
The internet has become the backbone of both private and public sectors due to its importance in providing the main infrastructure of communication, data transformation and services across every domain of life. However, the frequent occurrence of cyber incidents, such as viruses, spyware, spam and other malware programs, coupled with their increasing complexity over the years, has caused financial losses for organisations worldwide.
The project aims to study and formalise relationships among incidents and levels of response in the domain of cyber security incidents, where information about incidents is defined within some schema such as the Vocabulary for Event Recording and Incident Sharing or the Common Attack Pattern Enumeration and Classification schema, in order to obtain new sets of cyber security metrics that can be used to monitor cyber risk in modern-day complex information systems.
The project will define and apply data mining and analysis methods to cyber security intrusion detection and mitigation datasets, in particular, focusing on ensemble learning techniques in which experience about cyber incidents, as recorded in an organisation’s internal algorithms, will be shared with other organisations in a secure and collaborative manner without revealing any sensitive information about the organisation or its incidents.
This sharing of experience will then help each organisation in the short term to develop its capabilities of predicting features about future incidents as well as applying any necessary mitigation or recovery actions to those incidents. In the long term, the experience will help the organisation to eventually form its own cyber risk metrics that can be used to monitor risk at the large organisational scale.
The outcome of this 3-year project will be a framework that couples experience sharing and cyber risk metric definition with ensemble-based machine learning techniques.
Fees and funding
Visit the research subject area page for fees and funding information for this project.
Funding availability: Self-funded PhD students only.
PhD full-time and part-time courses are eligible for the UK Government Doctoral Loan (UK and EU students only).
You'll need an upper second class honours degree from an internationally recognised university or a Master’s degree in an appropriate subject. In exceptional cases, we may consider equivalent professional experience and/or qualifications. English language proficiency at a minimum of IELTS band 6.5 with no component score below 6.0 is required.
You should have an interest in cyber security, machine learning and data analytics. Good programming skills in Python and analytical skills, as well as knowledge of the foundations of computer science, are also required. You should be able to think independently, including the formulation of research problems, and have strong oral and written communication skills.
How to apply
When you are ready to apply, please follow the 'Apply now' link on the Computing PhD subject area page and select the link for the relevant intake. Make sure you submit a personal statement, proof of your degrees and grades, details of two referees, proof of your English language proficiency and an up-to-date CV. Our ‘How to Apply’ page offers further guidance on the PhD application process.
If you want to be considered for this self-funded PhD opportunity you must quote project code COMP4530220 when applying.