Research Group
Cyber Security and Networking Research Group
Proposed supervisory team
Adrian Winckles
Theme
Cyber security
Summary of the research project
According to both Gartner and NIST (National Institute of Standards and Technology), 92% of security vulnerabilities are now found in software. Within the industry, multiple layers of protection offer a defence-in-depth approach around IT infrastructure, with each layer filling the holes left by others.
There is a major industry need to identify emerging attacks against web applications and report them to the security community, in order to facilitate protection against such targeted attacks. We are leading the OWASP Web Honeypot project to produce a community of threat intelligence information.
The purpose of this part of the research is to capture intelligence on attacker activity against web applications and use this intelligence to protect software against attacks.
This could potentially involve the use of honeypots, an established industry technique that provides a realistic target to entice a criminal whilst encouraging them to divulge the tools and techniques they use during an attack, like bees to a honeypot. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence pose no risk to the businesses implementing them.
The honeypots, which run in a VM, in Docker or on small computing profiles like the Raspberry Pi, employ ModSecurity-based Web Application Firewall technology using OWASP's Core Rule Set. They push intelligence data back to a console, where it is converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.
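The conversion step described above, sketched as an added example (not code from the OWASP Web Honeypot project): it maps one ModSecurity audit record to a STIX 2.1 bundle. The record is constructed and trimmed, its layout assumes ModSecurity v3's JSON audit log, and the `crs-rule-` label scheme and function names are hypothetical.

```python
import ipaddress, json, uuid
from datetime import datetime, timezone

# Constructed sample: one record trimmed to the fields used here, laid out
# like ModSecurity v3's JSON audit log (an assumption about the sensor's output).
SAMPLE_AUDIT = json.dumps({"transaction": {
    "client_ip": "203.0.113.7",
    "time_stamp": "Mon Mar 11 10:15:02 2024",
    "request": {"method": "GET", "uri": "/item?id=CONSTRUCTED_PROBE"},
    "messages": [
        {"message": "constructed CRS match", "details": {"ruleId": "942100"}},
        {"message": "constructed anomaly score", "details": {"ruleId": "949110"}},
        {"message": "constructed entry with no rule id", "details": {}},
    ]}})

STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")  # STIX 2.1 SCO namespace

def _new_id(kind):
    return f"{kind}--{uuid.uuid4()}"

def audit_to_stix(raw, now=None):
    """Map one audit record to a STIX 2.1 bundle: observed-data plus two SCOs."""
    tx = json.loads(raw)["transaction"]
    # Assumption: the honeypot logs in UTC; the audit timestamp carries no zone.
    seen = datetime.strptime(tx["time_stamp"], "%a %b %d %H:%M:%S %Y")
    seen = seen.strftime("%Y-%m-%dT%H:%M:%S.000Z")
    now = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    addr = ipaddress.ip_address(tx["client_ip"])   # raises on a malformed address
    kind = "ipv4-addr" if addr.version == 4 else "ipv6-addr"
    # Deterministic SCO id, so the same source address dedupes across honeypots.
    key = json.dumps({"value": str(addr)}, separators=(",", ":"))
    ip = {"type": kind, "spec_version": "2.1", "value": str(addr),
          "id": f"{kind}--{uuid.uuid5(STIX_SCO_NS, key)}"}
    req = tx["request"]
    traffic = {"type": "network-traffic", "spec_version": "2.1",
               "id": _new_id("network-traffic"), "src_ref": ip["id"],
               "protocols": ["tcp", "http"],
               "extensions": {"http-request-ext": {
                   "request_method": req["method"].lower(),
                   "request_value": req["uri"]}}}
    # Rule ids that fired become labels; messages without a ruleId are skipped.
    rules = sorted({m["details"]["ruleId"] for m in tx.get("messages", [])
                    if m.get("details", {}).get("ruleId")})
    observed = {"type": "observed-data", "spec_version": "2.1",
                "id": _new_id("observed-data"), "created": now, "modified": now,
                "first_observed": seen, "last_observed": seen, "number_observed": 1,
                "object_refs": [ip["id"], traffic["id"]],
                "labels": [f"crs-rule-{r}" for r in rules]}
    return {"type": "bundle", "id": _new_id("bundle"),
            "objects": [ip, traffic, observed]}

if __name__ == "__main__":
    print(json.dumps(audit_to_stix(SAMPLE_AUDIT), indent=2))
```

The resulting bundle is what a console would publish to a TAXII collection; the same parsed record could instead be indexed into ELK unchanged.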
The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed.
Where you'll study
Cambridge
Funding
This project is self-funded.
Studentships for which funding is available are selected by a competitive process and are advertised on our jobs website as they become available.
Next steps
If you wish to be considered for this project, you will need to apply for our Computer and Information Science PhD. In the section of the application form entitled 'Outline research proposal', please quote the above title and include a research proposal.