
  Behavioural Analysis for Ransomware and Extortion-based Attack Detection


   School of Computing, Engineering & the Built Environment

This project is no longer listed on FindAPhD.com and may not be available.

Assoc Prof Rich Macfarlane | Applications accepted all year round | Self-Funded PhD Students Only

About the Project

Edinburgh Napier University’s Cyber Security and Forensics Research Group focuses on applied research in areas of threat analysis and detection, digital forensic triage, trust, identity and cryptography, and has had successful real world impact with several spin-out companies. A ransomware research group led by Rich Macfarlane has been working in the areas of ransomware attack analysis, detection and mitigation for several years.

Ransomware attacks include a range of behaviours at various stages of the attack model, including recon, data exfiltration, and data encryption, aimed at extorting a victim. Crypto ransomware, when used in attacks, typically locks user data; double extortion also involves exfiltration of sensitive data. A payment is then typically demanded from the victim in return for the safe return of access to their files and data. Over the last few years ransomware has become an ever-growing threat to corporate as well as personal data, and has seen rapidly evolving tactics and techniques to evade detection and mitigation.

Research work aims to enhance and develop new methods of analysis and detection of extortion-based attacks, particularly focused on behavioural analysis early in the kill chain. The focus is on pre-destructive activity detection and dynamic behaviour analysis, including methods to capture and model features such as file interactions and staging of data for exfiltration. The scope of the work and focus of the individual project can be, to some extent, driven by the individual student. The work will be carried out within a small team of researchers here at Edinburgh Napier University working at the forefront of ransomware attack research, including various areas around analysis and datasets, detection and mitigation, for crypto ransomware and other extortion-based attacks.

A short research proposal of around 1,000 words, outlining the specific project, is expected as part of the application. The project will be supervised by Associate Professor Rich Macfarlane ([Email Address Removed]) and others from the team. Interested students are encouraged to contact Rich by email to discuss the proposal.

Academic qualifications

A first degree (at least a 2.1) or MSc, ideally in a Computer Science-related area, with a good fundamental knowledge of computer science and ideally cyber security.

English language requirement

IELTS score must be at least 6.5 (with not less than 6.0 in each of the four components). Other, equivalent qualifications will be accepted. Full details of the University's policy are available online.

Application process

Prospective applicants are encouraged to contact the supervisor, Associate Professor Rich Macfarlane ([Email Address Removed]) to discuss the content of the project and the fit with their qualifications and skills before preparing an application. 

The application must include: 

Research project outline of 2 pages (list of references excluded). The outline may provide details about

  • Background and motivation, explaining the importance of the project, should be supported also by relevant literature. You can also discuss the applications you expect for the project results.
  • Research questions or
  • Methodology: types of data to be used, approach to data collection, and data analysis methods.
  • List of references

The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.

  • Statement no longer than 1 page describing your motivations and fit with the project.
  • Recent and complete curriculum vitae. The curriculum must include a declaration regarding the English language qualifications of the candidate.
  • Supporting documents will have to be submitted by successful candidates.
  • Two academic references (but if you have been out of education for more than three years, you may submit one academic and one professional reference), on the form that can be downloaded here.

Applications can be submitted here.

Download a copy of the project details here.


