Meet the PhD Cohort
These remarkable students, with a strong interest in Cyber and AI, joined our cohort in 2023.
- Supervisor: Niall McLaughlin
- Pure Profile Link
Project Description:
Recent advances in generative modelling have given rise to powerful methods for generating realistic images in various artistic styles from a textual description. The existence of models such as DALL-E [1] shows that it is possible to train a computer to create seemingly original artworks by observing a wide range of variations of existing artwork, then recombining this information to create something original. These generative techniques, based on diffusion models [2], have until now primarily been applied in the limited domain of generating artistic data. However, these models are completely general and there is nothing to prevent them being applied to other data types. In this project, we will explore how modern generative modelling techniques can be used in the cyber-security context.
The ability to generate a large variety of very realistic samples of a given data type has the potential to revolutionise how machine learning is applied to a number of cyber-security problems such as malware analysis, hardware trojan detection and cyber-attack detection. In cyber-security we face many problems such as how to create datasets with realistic variations and how to ensure our models are robust against adversarial attack [3]. We will focus initially on the malware domain. Our goal will be to learn a diffusion model capable of creating realistic, but artificial, malware samples with the goal of improving performance compared with training directly on real data. We will then explore the potential of these techniques to help with the generation of adversarial examples.
[1] https://openai.com/blog/dall-e/
[2] https://huggingface.co/blog/annotated-diffusion
[3]
[4] Severi, Giorgio, et al. "Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers." 30th USENIX Security Symposium (USENIX Security 21). 2021.
Project Description:
-Adapt the diffusion model architecture, based on u-net, to work with malware data
-Design a method for conditional generation of new malware samples, based on creating novel malware samples for specific malware families or with specific characteristics
-Explore the automatic creation of adversarial examples, designed to fool a malware detector
-Perform experiments to study how the robustness of malware detection can be improved by training using artificial and adversarial samples
- Supervisor: Simon Cotton
- Pure Profile Link
Project Introduction: Significant acceleration has been observed in the development of practical quantum computers. Diverse industries have begun putting billions of dollars into quantum technology research to realise their full potential. To participate in this quantum arms race, the 6G network ecosystem must expand beyond its existing network technologies and into the quantum realm of models that will serve as the basis for the quantum Internet’s ideology. Wireless security will need to evolve when the quantum internet eventually takes off in telecommunications. In this context, it is intriguing to consider the possibility of discovering the machine learning models that can help the realisation of the Internet's security in the quantum age, as expected by the 6G ecosystem. One of the main expectations of 6G is the capability to provide seamless coverage for areas that are not well-connected, such as mountains, seas, and skies. However, it is difficult to achieve global terrestrial coverage using terrestrial networks alone due to the scarcity of infrastructure in remote areas, which makes deploying base stations in those areas expensive. To help overcome this, integrated satellite-terrestrial networks (ISTNs) are now being considered as an integral part of future 6G infrastructure. Using ISTNs will pave the way to ubiquitous and high-capacity global connectivity, helping to deliver 6G services to remote areas that were previously unconnected. This PhD research proposes to research quantum machine learning for securing 6G ISTNs with a focus on bringing novel aspects of physical layer security (PLS).
Project Description: This doctoral dissertation is centred on quantum-machine learning (ML), and its goal is to analyse previously developed ML-based PLS models in order to enhance them with a new configuration that will make it possible for them to protect the 6G environment. This project will investigate the security difficulties and risks that are posed to 6G ISTNs. These challenges and threats can be safeguarded against by utilising quantum-ML-based PLS solutions. As additional aspects of quantum-based machine learning optimization, we will investigate end-to-end latency, data and resource-constrained optimization, and quantum protocol valuations.
- Supervisor: Ayesha Khalid
- Pure Profile Link
Project Description:
The advent of scalable Quantum computers will jeopardize the entire paradigm of traditional cryptography used to date! Consequently, novel Quantum-resistant cryptographic schemes need the immediate attention of the cryptographic community. NIST initiated the Post Quantum Cryptography (PQC) competition in 2016, and the winning suite of quantum-safe cryptographic algorithms, intended to replace the Public Key Cryptography standards in use today, was announced last year. Lattice-based cryptography (LBC) has emerged as one of the most viable alternatives to classical cryptographic schemes; however, several aspects relating to the practicality of these schemes have not been thoroughly evaluated. Critical resources need careful benchmarking, especially for applications at the extreme ends of performance requirements, i.e., ultra-low-resource and ultra-high-speed applications.
RISC-V is an open-source RISC Instruction Set Architecture (ISA) that is licence-free and practical to use for both academia and industry. Its instruction set is currently supported by several popular software toolchains, and 200+ organizations, including Google, Qualcomm and Samsung, are part of its foundation. Commercial boards with fully functional RISC-V SoCs have been available for sale since 2016. In this project we will implement lattice-based cryptography kernels on RISC-V and optimize them via instruction set extension. In addition to performance improvement, side-channel analysis attacks and their countermeasures will also be studied.
This project will study the practicability of lattice-based quantum resistant cryptographic schemes undertaken on the RISC-V, an architecture based on RISC principles, which makes it a good fit for low-power applications. The key scientific problems it will address are the following.
- Throughput performance optimizations via custom ISA extension to encapsulate the matrix-based ring operations that are the most computationally intensive part of the lattice-based cryptography schemes. The extensions undertaken give a trade-off between performance vs. latency of the algorithms.
- Novel approximation techniques on a well-known Quantum resistant scheme to explore various design points in the performance vs. security trade-off for resource-constrained applications to reach a range of optimal design points befitting several applications.
- A careful investigation to secure the operational modules of quantum resistant cryptography blocks, enhanced with built-in SCA resistant properties (constant time, uniform power dissipation) will be carried out, with the goal of minimum resource overhead in mind.
- Supervisor: Sakir Sezer
- Pure Profile Link
Project Description:
Information Technology is still an emerging and rapidly growing discipline. Recent technological breakthroughs in Metaverse, Cloud-Edge Computing, IoT Networks, Industry 4.0, and Digital Twins are expected to transform society in an unimaginable way. However, these accrued benefits come with major threats in terms of privacy, security of information, and vulnerability to external cyber-attacks on critical national infrastructures, corporations and users.
With increased traffic bandwidth, encryption of traffic, and sophistication of attack methods, classical Cybersecurity defence mechanisms are unable to keep up with contemporary and insidious cyber-attacks. New technologies centred around Artificial Intelligence (AI) are an immediate necessity to counter this type of attack.
Within the context of Datacentre security, in this PhD project emerging DPU technologies will be investigated to derive a new generation of distributed datacentre security architectures that are at-scale and embedded within the Datacentre infrastructure, enabled by DPU technology.
The project requires close collaboration with Nvidia and CSIT/QUB team.
Project Description: The Data Processing Unit (DPU) is an emerging technology designed for next-generation Cloud Datacentre Infrastructure processing. It comprises a high-performance and programmable Network Interface Controller (NIC) supporting up to 800Gb/s link bandwidth, dedicated offload accelerators for storage, security and high-performance computing, and ARM-based general-purpose CPU cores for application processing.
The PhD project will explore DPU architectures and investigate how these new capabilities can be effectively utilised to derive a new generation of distributed network security architectures built upon custom-purpose accelerators, programmable NIC and ARM cores.
The DPU’s underpinning technology will be used to advance the collection and processing of security-related network telemetry, and session and application layer metadata extraction for AI-based security algorithms. Using the high-speed traffic steering capabilities of the embedded NIC, the project will also explore tailored countermeasures to counter detected threats by blocking or redirecting suspicious sessions into a sinkhole or sandbox.
The PhD candidate will closely work with latest Nvidia DPU and GPU technologies, explore the most recent traffic monitoring / inspection technologies, AI methods and prototype demonstrators, undertake comparative tests and extensive benchmarks.
- Supervisor: Kieran McLaughlin
- Pure Profile Link
Project Description:
Digital Twins are emerging as powerful IT platforms that allow a diverse range of cyber and physical systems to be replicated or modelled digitally, to better understand, manage, and optimise their performance. Billions are being invested globally in developing Digital Twin technologies. Opportunities exist across a wide variety of modern applications, such as manufacturing supply chains, transport infrastructure, smart cities, energy infrastructure, health care systems, and even complex natural systems such as the climate. Creating a Digital Twin requires the integration of technologies such as AI, high-performance datacentres, sensor technologies, the internet of things, and often huge amounts of data capture and analysis. As industry and society increasingly deploy Digital Twins to manage and enhance infrastructure, it is crucial to ensure the cyber security of the systems that are being interconnected and the data that is continuously being created and processed.
Project Description:
•This PhD project will investigate the security challenges emerging for new Digital Twin technology platforms.
•You will identify and experimentally investigate key challenges to ensure the security and confidentiality for real-time communications, data sharing, data processing, and device interconnectivity.
•You will research and explore use-cases (for example, studying renewable energy infrastructure, or focusing on a specific industry supply chain) to help understand the security requirements that are specific to Digital Twins, compared to other IT platforms.
•Building on these use-case studies, and understanding their context and special requirements, you will develop new security frameworks and technologies to support the security and resilience of Digital Twins against cyber-attacks or sabotage.
- Supervisor: Vishal Sharma
- Pure Profile Link
Project Description:
The Open Radio Access Network (O-RAN) is a disaggregated method for creating mobile fronthaul and backhaul networks that is totally based on cloud-native principles. O-RAN is an extension of the Next Generation RAN (NG-RAN) architecture, which was first announced in 3GPP's release 15 for the GSMA. Several companies have begun to invest in O-RAN in order to maximise its potential. In response, it is anticipated that the 6G network ecosystem would go beyond present network technology and incorporate models that support the philosophy of the next generation of the Internet. With O-RAN, mobile Internet security will take a new direction. Identifying the potential dangers that can aid in securing the network is an intriguing challenge. As part of its research, this Ph.D. project intends to achieve multiple areas of security regarding the type of design, deployment strategy, and operation.
This doctoral dissertation is focused on O-RAN security, and its objective is to evaluate previously created security solutions in order to upgrade them with a new configuration that will allow them to secure the 6G environment. This project will explore the security challenges and threats that 6G data and services present. In addition, a focus will be placed on resolving trade-offs between O-RAN's security and efficiency, with an emphasis on end-to-end latency, data and resources, and mobility management.
- Supervisor: Kieran McLaughlin
- Pure Profile Link
Project Description:
Cyber Physical Systems (CPS) combine physical systems in hardware, such as sensors and actuators, integrated with embedded computing technologies and network interconnectivity to enable intelligent monitoring and control. CPS range from relatively simple systems, such as smart lighting, to autonomous CPS, such as fully autonomous vehicles, capable of carrying out complex tasks while operating independently from humans. The convergence of computing and communications technologies with systems that can interact with the real world raises significant challenges, particularly when failures in security might result in threats to human safety. For example, if robots in a factory processing hazardous chemicals make decisions based on false information due to a cyber-attack, this may result in a dangerous incident. If sensors in an electrical smart grid are attacked, renewable generation at customer premises may react by operating in a way that is detrimental to the stability of the grid. With the integration of modern computing technologies into CPS, new cyber threats are introduced. Research is necessary to understand these threats and formulate responses to ensure CPS can react to cyber-attacks with actions that maintain resilient and safe operations.
Project Description:
•This PhD project will investigate novel methods to automatically train cyber security responses to possible cyber-attacks, using the machine learning method called reinforcement learning.
•The project will focus on how cyber physical systems can respond to attacks to ensure that their operation remains resilient, i.e. safe and stable, but perhaps achieving this by trading off some features of performance. For example, a robot may move less quickly or not use all its available functions for a period, while a given security threat is perceived to be active – in engineering terms this is sometimes called graceful degradation.
- Supervisor: Oluwafemi Olukoya
- Pure Profile Link
Project Description:
When uncovering vulnerabilities, we often think of finding flaws and reporting bugs in popular software or products. The goal of such endeavours is to discover security vulnerabilities and weaknesses before malicious actors do. Different companies create bug bounty programs to leverage the hacker community to continuously improve their systems' security over time. However, there has been limited effort in the opposite direction: finding flaws and vulnerabilities in malware payloads that stop them from spreading and infecting the system. Like benign applications, malware is also prone to flaws and vulnerabilities which can cause it to crash or stop execution, or which can serve as backdoors for white hats to undo the damage or, at the very least, buy precious time and give organizations breathing room to update their systems. A case in point is WannaCry, the biggest ransomware attack in history, which spread within days to more than 250,000 systems in 150 countries and was stopped by registering a web domain found in the malware's code[1]. Once the ransomware checked the URL and found that it was active, it was shut down – buying precious time and giving organizations breathing room to update their systems. Such vulnerabilities can often persist in malware and many of its variants for a long time across different target platforms[6]. This project aims to build a system that uncovers exploitable flaws and defects in malicious software as a kill-switch approach.
Vulnerabilities are not exclusive to legitimate software[4,5]. Performing software quality assurance checks on malware has many benefits. The identified vulnerabilities can be classified according to MITRE's Common Weakness Enumeration list to get a more detailed definition and consequences of such vulnerabilities. Security vendors can leverage these vulnerabilities to develop different types of signatures to detect and prevent such malware attacks as a kill-switch approach[2]. This research aims to investigate multiple prevalent malware families across a broad range to uncover vulnerabilities that could be exploited as part of the protection system.
The analysis will be performed on large-scale samples across several datasets that are representative of modern commodity malware and Advanced Persistent Threat (APT) malware, taking historical coherence and family information into account. The focus of the research will be on Windows, as the dominant operating system in terms of popularity and the one most frequently targeted by malware.
- Supervisor: Máire O'Neill
- Industrial partner: Qualcomm
- Pure Profile Link
Project Description:
Quantum-resilient cryptography has seen a substantial expansion, due to recent advances in scalable quantum computing. It is believed that such a device would compromise the security of all current public-key cryptographic algorithms used for secure communication. The advances in scalable quantum computing offer great opportunities to science and society; however, they are a significant threat to our information and communications infrastructures. Quantum computing is capable of compromising the security of today’s public-key cryptography, which is widely used to provide internet security. Hence, we need to consider new quantum-resilient security solutions. This project aims to look at quantum-resilient cryptographic approaches that are resistant to both classical computing attacks and quantum attacks. More specifically, it will investigate how we can integrate the two main quantum-resilient security methodologies, post-quantum cryptography and quantum-key distribution, to achieve optimal performance and security benefits.
- Supervisor: Anh Tuan Hoang
- Pure Profile Link
Project Description:
A Physical Unclonable Function (PUF) relies on unclonable variation in the manufacturing process to generate a unique, unclonable digital fingerprint and is used to identify connected devices. Even though its operation relies on unpredictable variations and the working environment, some research has shown that its operations are model-able. This project aims to apply machine learning based side-channel analysis (SCA) to build a model for strong PUFs, and so achieve high accuracy for challenge-response pair prediction for strong PUFs in the context of the working environment.
A PUF relies on unclonable variation in the manufacturing process to generate a unique response to a challenge. This unique response can be used to identify and authorise the device in a connected system. However, the unclonable manufacturing variation of the most popular type of silicon PUF, the Arbiter PUF (APUF) design, is model-able but changes with the working environment, such as temperature, power supply and age. On the one hand, this model-ability creates a hardware security threat to connected systems like smart health care or automobiles when an attacker can model the PUF operation. On the other hand, the instability in manufacturing variation and working environment makes modelling efforts difficult but also reduces the ability of the PUF to identify and authorise a device in the system. SCA, especially machine learning based SCA, would help build a high-accuracy PUF model. This project will:
-Evaluate the vulnerability of strong PUF (like arbiter PUF) under SCA and show requirement for PUF protection under SCA.
-Apply machine learning based SCA in modelling various strong PUF implementations used for devices identification and authorization in connected systems.
- Supervisor: Jesus Martinez del Rincon
- Pure Profile Link
Project Description:
Data Security is a fundamental pillar in modern ICTs, aiming to avoid data breaches. In this context, malware detection, network intrusion and software vulnerability analysis are related problems. Malware detection is still one of the major problems in computer security. To fight against the increasing number of malware samples, their variability and sophistication, machine learning-based solutions, which can model the previous problems using sequence-based neural networks and Natural Language Processing (NLP) concepts, have emerged as a solution and are being increasingly adopted by companies and institutions. In particular, deep learning has started to show [1,2] its impressive performance in the security domain.
In this project, we propose to investigate novel ML attacks using adversarial examples to, in a first instance, attack, break and validate Deep Learning models. Afterwards, we will use the attacks to improve the performance of conventional and machine learning-based detection systems. Specifically, we aim to generate new adversarial deep learning architectures and Generative adversarial networks (GAN) that could be used for attacking and defending security systems.
Objectives:
•To investigate novel adversarial examples for data intrusion, evasion and poisoning attacks and their effect on current defence and detection systems
•To investigate the use of GAN networks and other adversarial architectures for both attacking and defending machine learning based solutions.
•To develop new adversarial deep learning architectures for security applications
•To evaluate the performance of the developed methodologies against diverse real security scenarios (malware analysis, network intrusion, software vulnerabilities)
- Supervisor: Jesus Martinez del Rincon
- Pure Profile Link
Project Description:
Federated learning (FL) is a learning paradigm where the AI model, instead of being learned in a centralised manner with access to all the data, is learned in local nodes with partial data, before a common model is agreed by sharing only the models, without the need to share the data. This avoids the need to share private data among different entities, with obvious privacy advantages. However, the complexity of learning an effective agreed model increases with the number of nodes/agents and the small amount of data available in each. Despite the privacy advantages of FL, it has been stated that FL with secure aggregation for the purpose of privacy is more susceptible to poisoning attacks, as the individual updates cannot be inspected. Moreover, FL brings a new type of poisoning attack beyond data poisoning: model poisoning, where a malicious entity is able to take control of or simulate one of the nodes, leading to poisoning that either destroys the convergence and performance of the global model or inserts a backdoor trigger to bypass detection.
In this work, we will investigate different distributed learning strategies for successful problem learning and we will explore the limits of the federated learning paradigm when taken to the extremes in applications such as individual models for individual users. We are also interested in evaluating the robustness of the devised paradigm against model poisoning attacks by using decentralised aggregation techniques. The final aim is to devise better agreed learned paradigms when a subset of the nodes may be either plainly malicious or generate ineffective or unstable models.
In order to illustrate these new paradigms, we will apply our techniques to different cyber problems, from biometrics to digital fingerprinting and IoT security.
Objectives:
1. Review the area of federated learning and deep neural networks for IoT security.
2. Develop new federated learning paradigms for fully distributed DNN learning.
3. Validate existing and new federated learning paradigms versus model poisoning attacks.
4. Devise robust FL mechanisms to deal with unstable and malicious submodels.
- Supervisor: Sandra Scott-Hayward
- Pure Profile Link
Project Description:
This project will explore the unique security challenges presented by Software-Defined Delay Tolerant Network (SD-DTN) architectures in Space-Air-Ground Integrated Networks (SAGINs), aiming to develop robust, adaptable solutions for secure data transmission in high latency and intermittently connected environments typical of Non-Terrestrial Networks (NTNs).
- Supervisor: Anh Tuan Hoang
- Industrial partner: Qualcomm
- Pure Profile Link
Project Description:
Even though cryptographic algorithms like the traditional Advanced Encryption Standard (AES) and the modern Post Quantum Cryptographic (PQC) CRYSTALS-Kyber are safe in theory, their implementations are vulnerable under side-channel analysis (SCA). This project applies SCA and machine learning (ML) to quantum- and SCA-safe implementations for PQC algorithms like Kyber.
SCA is a real threat to all cryptographic devices. Even though conventional cryptographic algorithms like AES and modern PQC algorithms like the lattice-based Kyber are proved safe in theory, their implementations leak sensitive information through side channels such as power consumption, electromagnetic field, and computation time. SCA applies a divide-and-conquer strategy: it finds the side-channel leakage of each small group of key bits while the device processes that data, in order to find the whole secret key. Recently, ML-based SCA has been developed, with many successes in attacking cryptographic devices. In the SCA setting, ML can automatically learn the features of the sensitive data (secret key or message) represented in the traces collected from a device and find the leaking operation of that implementation, before being applied to find the working secret key on a similar device. This project includes:
-Applying SCA and ML based SCA to available PQC implementations (on both hardware and software) to find leakage data and operations.
-Applying SCA countermeasure methods like masking and shuffling to develop SCA resistant implementation for PQC algorithms.
- Supervisor: Máire O'Neill
- Pure Profile Link
Project Description:
The modern semiconductor supply chain uses overseas foundries, third-party IP and third-party test facilities. However, with so many different untrusted entities, this design and fabrication outsourcing has exposed silicon chips to a range of hardware-based security threats such as counterfeiting, IP piracy, reverse engineering and hardware Trojans (HT). A hardware Trojan is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2020 the cybersecurity company F-Secure published a report on their investigation into a pair of counterfeit Cisco Catalyst 2960-X series switches. While these devices did not have back-door functionality, they did employ measures to bypass processes that authenticate system components, and F-Secure stated that motivated attackers use the same approach to insert hardware trojans to stealthily backdoor companies.
The overall goal of this proposed research project is to achieve a trustworthy automated DL-based HT detection system, which can detect HTs without requiring any pre-knowledge of circuit characteristics. The objectives are: 1) to design an automated DL-based HT detection system that can detect different types of HTs and 2) to derive novel countermeasures that ensure trustworthiness of the DL-based HT detection system against adversarial attacks.