The IoT ecosystem allows low-powered mini-computers, such as kettles and doorbells, to become hyperfunctional, for the end user and prospective hacker. As networks are only as secure as their weakest links, insecure IoT devices are low-hanging fruit for attackers trying to gain a foothold into a network, whether in the home, enterprise or industry. Research leading to the ability to detect, prevent and mitigate attacks on IoT devices is urgently needed.
The global IoT market, worth $250.72 billion in 2019, is projected to grow to $1,463.19 billion by 2027 , with leading silicon manufacturer Arm expecting over a trillion devices to be using its processors. Security of these devices is still an immense challenge. Symantec reported an average of 5,400 monthly attacks targeting IoT devices in 2019 . In the same year, Avast demonstrated a honeynet of 500 fake IoT devices over four days, with 23.2 million potential attacks attempted . This trend is escalating, with IoT devices now responsible for 32.72% of all infections observed in mobile networks, up 100% from 2019 . There is an urgent need for novel research on increasing the security posture of such devices, and in providing solutions capable of being implemented in light-weight contexts against future and emerging attacks. This PhD project will research software-based approaches for IoT attack mitigation. It will establish a novel IoT testbed, including a set of intentionally vulnerable honeypots (a honeynet) to attract the latest cyberattacks for analysis, and consumer devices to test processor-level software-based mitigations to threats.
This project is fully funded as part of the CyReSE project. This is led by Dr. Domhnall Carlin as part of the prestigious EPSRC Research Software Engineering Fellowship and will include fees and maintenance (approximately £15,000). CyReSE includes support from several organisations, including NVIDIA, Thales and NICT (Japan), with potential opportunities for internships, collaboration and research placements.
Key Aims of the project:
- Design & Engineering of IoT Testbed.
- Attract, record & analyse current IoT attacks.
- Development of novel IoT attacks.
- Attack data for AI.
- Proactive AI-based attack mitigations.
Project Key Words: Cybersecurity, InfoSec, Internet of Things (IoT), malware, AI, machine learning, assembly, opcode, computer science, ARM, MIPS, honeypot, networking
Start Date: 01/10/22
Application Closing date: 28/02/22
For further information about eligibility criteria please refer to the DfE
Postgraduate Studentship Terms and Conditions 2021-22 at https://go.qub.ac.uk/dfeterms
Applicants should apply electronically through the Queen’s online application portal at: https://dap.qub.ac.uk/portal/
- A minimum 2.1 honours degree or equivalent in Computer Science or Electrical and Electronic Engineering;
- or Students holding an appropriate MEng or MSc (Software conversion) will normally be required to have commendation or above;
- or relevant degree with significant programming and computing experience.
- A demonstrable interest in cybersecurity
This three year studentship, for full-time PhD study, is potentially funded by the Department for the Economy (DfE) and commences on 1 October 2022. For UK domiciled students the value of an award includes the cost of approved tuition fees as well as maintenance support (Fees £4,500 pa and Stipend rate £15,609 pa - 2022-23 rates to be confirmed). To be considered eligible for a full DfE studentship award you must have been ordinarily resident in the United Kingdom for the full three year period before the first day of the first academic year of the course.
For candidates who do not meet the above residency requirements, a small number of international studentships may be available from the School. These are expected to be highly competitive, and a selection process will determine the strongest candidates across a range of School projects, who may then be offered funding for their chosen project.