University of Sheffield Featured PhD Programmes
Imperial College London Featured PhD Programmes
University of Hull Featured PhD Programmes

EPSRC iCase studentship in Cyber Security Analytics: Deception Approaches for Critical National Infrastructure (with Thales)

Cardiff School of Computer Science & Informatics

About the Project

Project Summary : Attacks on Critical National Infrastructure (CNI), such as the energy, transport management, and supplies sectors, may have disastrous consequences. Such attacks may be performed by a variety of threat actors, including lone individuals, crime organisations, and nation states. Likewise, the goals of the attacks comprise a wide range, such as attention-seeking, terrorism, monetary gain, and cyber warfare. Attackers may use a large array of approaches to reach these goals. They may perform pure cyberattacks – which can be executed from anywhere in the world.

Deception provides a virtual environment that resembles the actual physical environment as closely as possible, in order to fool the attacker into believing they are attacking the real system

Deception has two aims:

1.      Enabling the study of attackers’ Tools, Techniques, and Procedures (TTPs) within a secure environment. This supports the gathering of threat intelligence. One well-known instance is the classical “honeypot” approach.

2.      Defending the system by drawing attackers’ attention and effort away from the real environment into the virtual one.

We are seeking an enthusiastic, creative and technically skilled candidate for an exciting and unique fully-funded scholarship opportunity to study deception in the context of cybersecurity for critical national infrastructure. The result of this PhD will be novel research that addresses a subset of the challenges outlined below, and begins to develop a realistic technical implementation. The successful candidate will be supported by internationally recognised researchers at Cardiff University’s NCSC Academic Centre of Excellence for Cybersecurity Research, as well as industry experts and world class testbeds at Thales’ National Digital Exploitation Centre (NDEC). You will join the ESPRC DTP Hub in Cyber Security Analytics at Cardiff University, becoming part of an interdisciplinary cohort of students studying the human and algorithmic aspects of AI in the context of cybersecurity.

Objectives: This project will investigate existing deception approaches for CNI systems in both the academic and the industrial domain. Due to the context, there are many intellectual, scientific and technical challenges to be addressed:

1.      Realistic systems: The deception system must appear realistic in order to convince the attacker. Hence, its components and topology must closely match the real system. This is made particularly challenging by the fact that attackers may attack the system not just in the cyberspace. Therefore, the deception system will have to emulate not just digital components, but social and physical systems as well.

2.      Realistic responses: The system must react to attacks in a convincing way. As attackers can monitor the success of their attacks in the physical world and in the media, these must be covered as well.

3.      Scalability: Depending on the real system in question, CNI may involve a large number of diverse components. This raises questions of emulating those in a scalable way without replicating the original system in its entirety.

4.      Automation: Generating an instance of the deception system for a particular real system cannot be done manually. Therefore, the project must support the automated discovery and matching of a real system, including components, topology, and behaviour.

5.      Publicity and impact: The deception system will operate within an intellectually challenging field. On the one hand, some information needs to be publicised in order for it to operate (see (2), above). On the other hand, generating false information about attacks on a CNI may cause problems. In addition, the fact that a deception system is in operation should not be publicised.


Potential impact: The successful candidate will spend time located within Thales’ research labs in Ebbw Vale (short train journey from Cardiff). This will enable you to determine the factors associated with the deployment of new methods within a realistic testbed. The opportunity is to translate the outcomes from your research into new products and processes that could be of practical use to Thales.

External Partner (Thales)

·      Thales will support on project definition and steering, including industrial relevance

·      The student will be expected to work for part of their study period at Thales’ research labs in Ebbw Vale (on a main train/bus route)

·      The student will sign a contract between the university and Thales  


In response to the new UKRI eligibility criteria, Cardiff University is pleased to announce that it will be offering International fee discounts for successful UKRI applicants. This approach ensures that students regardless of nationality or financial means will be able to apply for our UKRI studentships. Successful applicants will receive a fully-funded studentship and will not be charged the international fee difference. Up to 30% of our EPSRC DTP funded studentships are available to international applicants.


Application format

Please provide the following information in your application

·      Academic background – we are seeking creative and energetic individuals from a range of backgrounds. We require a 1st or 2:1 at first degree level and/or or distinction at Masters degree level to apply. ​Example degree subjects include (but are not limited to): computer science, psychology, criminology, sociology, law, and business. We also welcome those who have significant relevant work experience.​

·      Describe any experience of research​

·      Write a short statement on what you understand the topic of cyber security analytics to be and what excites you about it​

·      Write a short statement on how your experience fits to the project to which you have applied, and how you would approach the project

·      Write a short statement on why you would like to undertake PhD research in a multi-disciplinary cohort, and how you think the experience will benefit your career in comparison with studying as an individual student. 

Apply online -

Applicants should select Doctor of Philosophy, with a start date of Oct 2021. In the research proposal section of your application, please specify the project title and supervisors of this project. In the funding section, please specify that you are applying for advertised funding from EPRSC DTP.

For more information on shortlisting and assessment process, please contact

For more information about the project, please contact the hub’s Academic Lead, Professor Pete Burnap,

Funding Notes

This project is funded by EPSRC iCase studentship in Cyber Security Analytics and Thales.
3.5 years Full Time or part-time equivalent. Tuition fees at the home/EU rate (£4,500 in 2021/22) and an annual stipend equivalent to current Research Council rates (£15,609 stipend for academic year 2021/22), plus support for travel/conferences/consumables.

Email Now

Insert previous message below for editing? 
You haven’t included a message. Providing a specific message means universities will take your enquiry more seriously and helps them provide the information you need.
Why not add a message here

The information you submit to Cardiff University will only be used by them or their data partners to deal with your enquiry, according to their privacy notice. For more information on how we use and store your data, please read our privacy statement.

* required field

Your enquiry has been emailed successfully

FindAPhD. Copyright 2005-2021
All rights reserved.