26-27 Jan | FREE virtual study fair | REGISTER NOW 26-27 Jan | FREE virtual study fair | REGISTER NOW
University of Salford Featured PhD Programmes
Heriot-Watt University Featured PhD Programmes
University College London Featured PhD Programmes
   Applications accepted all year round  Self-Funded PhD Students Only

Cambridge United Kingdom Operational Research Computer Science Information Services Software Engineering

About the Project

Research Group

Cyber Security and Networking Research Group

Proposed supervisory team

Adrian Winckles

Theme

Cyber security

Summary of the research project

According to both Gartner and NIST (National Institute of Standards and Technology), 92% of security vulnerabilities are now found in software. Within the industry, there are multiple layers of protection which offer a security in-depth approach around IT infrastructures filling the many holes offered by some layers.

There is a major industry need to identify emerging attacks against web applications and report them to the security community, in order to facilitate protection against such targeted attacks. We are leading the OWASP Web Honeypot project to produce a community of threat intelligence information.

The purpose of this part of the research is to capture intelligence on attacker activity against web applications and utilise this intelligence as ways to protect software against attacks.

This could potentially involve the use of honeypots as an established industry technique to provide a realistic target to entice a criminal, whilst encouraging them to divulge the tools and techniques they use during an attack. Like bees to a honeypot. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence provide no risk to the businesses implementing them.

The honeypots in VM, Docker or small computing profiles like Raspberry Pi, employ ModSecurity based Web Application Firewall technology using OWASP’s Core Rule Set pushing intelligence data back to console to be converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.

The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed.

Where you'll study

Cambridge

Funding

This project is self-funded.

Details of studentships for which funding is available are selected by a competitive process and are advertised on our jobs website as they become available.

Next steps

If you wish to be considered for this project, you will need to apply for our Computer and Information Science PhD. In the section of the application form entitled 'Outline research proposal', please quote the above title and include a research proposal.


Email Now


PhD saved successfully
View saved PhDs