
  FULLY FUNDED Engineering Doctorate (EngD) Studentship in Large Scale Complex IT Systems, Security Event Correlation and Visualisation Using Machine Learning Techniques, sponsored by BT


   Department of Computer Science

This project is no longer listed on FindAPhD.com and may not be available.

Prof R Paige, Prof J Clark
Applications accepted all year round
Funded PhD Project (European/UK Students Only)

About the Project

Applications are invited for a student to work on a research project in Security Event Correlation & Visualisation. The research project is fully funded and will be carried out in conjunction with studying for an EngD. The Programme is a full-time, 4-year doctoral-level research degree involving both taught and research components, requiring students to work closely with a sponsoring organisation, BT.

Research Project:

In response to increasingly sophisticated attacks on our information, systems and networks, tens of thousands of security devices have been installed, emitting billions of events that need to be monitored, logged, analysed and correlated every day. Analysing these logs is currently very labour intensive. Logs from different sources often come in different formats with implicit semantics, contain duplicates and cannot be easily related to higher-level events. In addition, because of the sheer volume of data, patterns cannot be easily identified and a chain of events can easily be missed. Automatic techniques are therefore needed to combat potential attacks, and a more holistic approach is needed that looks at all data from different sources to mitigate risks.

The proposed topic is to capture the knowledge and analytical capabilities of human security experts for the development of an intelligent system that performs event correlation from the logs and alerts of multiple security technologies. In particular, the research will investigate and develop machine learning techniques to address some of the following issues:

• How to seamlessly collect and transform data from any log source into meaningful and comparable information
• How to filter and aggregate them into higher-level events
• How to discover new patterns of events to indicate potential attacks/threats
• How to incorporate time and spatial dimensions in event analysis
• How to determine root causes of security issues and breaches

The work will benefit from a survey of existing tools and solutions to identify gaps and enhancements. Based on these, existing machine learning techniques will be evaluated, including:

• Rule-based systems. Is it possible to automatically learn event patterns to construct these rules? How to efficiently process these rules by incorporating heuristic knowledge?
• Model-based approaches: asset models, threat models
• Statistical/Mathematical approaches
• Bayesian and belief networks and case-based reasoning

Many other techniques will also be relevant to this research, such as fuzzy techniques and formal concept analysis.

The objectives of the research are to develop a holistic view of security-related logs from different sources in order to raise early warnings of possible attacks/threats, to assist human experts in identifying and analysing root causes of attacks/threats, and to prioritise risk protections.

The ideal candidate should have a good mixture of practical experience in virtualisation technology, understanding of micro-kernel or operating systems theory, and an interest in both Cloud computing and security combined with very good communication skills.

Applicants should be highly motivated and have a minimum of an upper second-class honours degree in Computer Science or a cognate discipline (e.g., Electrical Engineering, Physics or Chemistry). Prior relevant industrial experience would be advantageous.


Funding Notes

The successful applicant will receive fees and a tax-free stipend from the Engineering and Physical Sciences Research Council (EPSRC) of £16,746 p.a. Additional support to cover travel to conferences and lectures will also be available.

Applicants must be able to demonstrate a relevant connection with the UK, usually through being ordinarily resident for a period of three years immediately prior to the start of the programme, excluding any period of residency wholly or mainly for the purpose of full-time education. For full details of eligibility requirements see http://www.epsrc.ac.uk/funding/students/pages/eligibility.aspx

References

The successful candidate will be based at British Telecoms Research and Technology Innovation labs at Adastral Park, Ipswich, and will be assigned an industrial supervisor from BT’s Security Futures Practice and an academic supervisor from the University of York.

For further information on the EngD in LSCITS and how to apply for this position, please visit http://www.cs.york.ac.uk/engd/-How-to-Apply-
