
  Fully-funded EPSRC PhD studentship available in Lancaster Data Science & AI Institute: Real-time Anomaly Detection for Network Intrusion using Explainable AI

   Lancaster Environment Centre

  Friday, April 19, 2024  Funded PhD Project (Students Worldwide)

About the Project

Background. Network security remains a critical challenge in today's world, with the ever-evolving landscape of cyber threats demanding new and adaptable solutions. Traditional rule-based methods for anomaly detection in network traffic struggle to keep pace with the sophistication of attackers, often requiring manual intervention and lacking the flexibility to adapt to novel attack vectors. This project seeks to address these limitations by leveraging the power of advanced statistical learning, specifically focusing on the field of Explainable Artificial Intelligence (XAI), to develop a real-time anomaly detection system for network Intrusion Detection Systems (IDS).

The challenge. AI techniques have shown great promise in anomaly detection, offering the potential to automatically learn patterns from historical data and identify deviations indicative of malicious activity. However, the sheer volume, velocity, and heterogeneity of network traffic data present significant challenges. Efficient and scalable algorithms are needed to process this data in real time, while simultaneously ensuring the interpretability and explainability of the results. This is crucial in an IDS setting, where understanding the rationale behind an anomaly detection is critical for effective decision-making and maintaining trust in the system.

Project outline. This PhD project aims to build a data-driven approach for real-time anomaly detection in network traffic using XAI techniques. We will begin with a comprehensive review of existing online anomaly detection algorithms, focusing primarily on state-of-the-art XAI techniques while concurrently investigating competing deep learning approaches. At the same time, to gain a deeper understanding of the problem space, we will conduct an in-depth study of the specific challenges and complexities associated with network traffic data, such as its high volume, velocity, and inherent heterogeneity (both of the data streams and of the anomalous events). The goal of the initial analysis will be to evaluate and understand the limitations of current approaches to network traffic anomaly detection.

Drawing upon the insights gained from the comparative analysis and the in-depth study, we will propose a novel methodology tailored specifically for real-time anomaly detection in network traffic. One way is to generalise our recent developments in Statistical Anomaly Detection to work with high-dimensional network data. Those approaches are based on well-defined, fast and efficient optimizations that identify unexpected changes in data patterns to answer the question “Are we seeing something significantly different from what has been observed so far?”. This will allow the methodology to handle real-time data streams, while simultaneously ensuring the interpretability of its outputs for informed human decision-making.

The hope would be to evaluate the resulting procedure on a real-world IDS, through a collaboration with Lancaster University's ISS department, refining the algorithm directly with the help of the practitioners.

Broader outcomes. While the primary focus of this project will be on real-time anomaly detection for Lancaster University's IDS, the proposed approach, with appropriate adaptation and consideration for specific domain requirements and data characteristics, has the potential to be generalized to other network monitoring applications beyond intrusion detection and potentially larger-scale scenarios.

The candidate. The ability to work and research independently is highly valued. This project expects strong foundational knowledge in data science, with a specific emphasis on statistical learning, and a general understanding of ML. Given the wide scope of the project, in addition to a solid theoretical background, the candidate should have knowledge of both R and Python as well as the most popular data manipulation and ML libraries.

For informal enquiries about the project, please contact Gaetano Romano or Bill Oxbury.

To apply, please send a CV and cover letter demonstrating your motivation for the post to . The closing date for applications is 19th April 2024 and we anticipate a start date of October 2024 for the successful candidate.
