
Security threat intelligence


Project Description

Research Group: Cyber Security and Networking Research Group
https://www.anglia.ac.uk/science-and-technology/research/our-research-institutes-and-groups/cyber-security-and-networking-research-group

Proposed supervisory team:
Adrian Winckles
https://www.anglia.ac.uk/science-and-technology/about/computing-and-technology/our-staff/adrian-winckles
and Dr Mark Graham
https://www.anglia.ac.uk/science-and-technology/about/computing-and-technology/our-staff/mark-graham

Theme: Cyber security

Summary of the research project


According to both Gartner and NIST (National Institute of Standards and Technology), 92% of security vulnerabilities are now found in software. Within the industry, multiple layers of protection offer a security-in-depth approach around IT infrastructures, filling the many holes left open by some of those layers.

There is a major industry need to identify emerging attacks against web applications and report them to the security community, in order to facilitate protection against such targeted attacks. We are leading the OWASP Web Honeypot project to produce a community source of threat intelligence information.

The purpose of this part of the research is to capture intelligence on attacker activity against web applications and use this intelligence to protect software against attacks.

This could potentially involve the use of honeypots, an established industry technique that provides a realistic target to entice a criminal, like bees to a honeypot, whilst encouraging them to divulge the tools and techniques they use during an attack. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence provide no risk to the businesses implementing them.

The honeypots, deployed in VMs, Docker containers or small computing profiles such as the Raspberry Pi, employ ModSecurity-based Web Application Firewall technology using OWASP’s Core Rule Set. They push intelligence data back to a console, where it is converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.

The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed.

Where you’ll study


Cambridge (https://auth-authoring-prod.anglia.ac.uk/student-life/life-on-campus/cambridge-campus)

Next steps


If you wish to be considered for this project, you will need to apply for our Computer and Information Science PhD (https://www.anglia.ac.uk/study/postgraduate/computer-science-research). In the section of the application form entitled ‘Outline research proposal’, please quote the above title and include a research proposal.

Funding Notes

This project is self-funded.
Studentships for which funding is available are selected by a competitive process, and details are advertised on our jobs website as they become available.






FindAPhD. Copyright 2005-2019
All rights reserved.