Cyber Threat Intelligence and Threat Hunting
Today's adversaries including Advanced Persistent Threat (APT) actors accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defence mechanisms, go undetected during the intrusion, and then remain undetected on networks over long periods of time. In this project we are building tools, techniques and strategies to hunt for attackers’ remnants on different host and network locations and utilise different machine learning and deep learning techniques to analyse collected data and build intelligence that can be used for determining threat actors’ tactics, techniques and procedures (TTPs).
Real-Time Malware Detection and Analysis in Mobile and IoT Networks
Mobile and IoT platforms are the best means of spreading and dispatching malicious programs as these systems are usually lacking of standard detection/protection systems (i.e. Firewalls, IDS,..), end-users are usually not employing any defensive mechanism as well (not even simple anti-viruses), and devices are exposing good processing powers. As such, SMS, MMS and even App stores are heavily used by hackers to disseminate their malicious codes. At the same time, most of transmissions in these environments should happen in real-time (i.e. you can’t wait for 2 hours that your MMS get analysed and then be delivered!). In this project we are developing techniques and tools for real-time analysis and detection of malicious programs with focus on mobile and pervasive systems.
Detecting Software Vulnerabilities and 0-Day Exploits
With the fast growth of IT industry and huge pressure on quickly developing software programs; tones of vulnerabilities are released every day! Timely detection and properly handling these vulnerabilities require a lot of consistent research. Developing (semi) automated tools and techniques for detection of 0-day vulnerabilities and mechanisms to mitigate risks of 0-day exploits are important goals of this project.
Darknet and Darknet of Things Forensics
In spite of the slim size of Darknet data in compare with Web and Deepnet data; the Darknet information plays significant role in tracing hackers and detection of attackers previous or next movements. As such, Darkent data collection, preservation and analysis techniques play significant role in incident detection, incident handling and digital forensics. This project aims to further current state of art in Darkent data collection and analysis.
Cyber Threat Hunting in Internet of Things (IoT) Networks (both offensive and defensive)
With the fast integration of computation and networking in all physical process and development of lots of smart-contexts, the spectrum of devices that can be investigated is extensive. A range of devices and protocols from PDAs and mobile devices to automobiles, sensors, and robots which are interconnected pervasively! The examination of these devices is a crucial component in future legal, governmental, and business investigations. Therefore, we need models and frameworks that for forensically sound collection, preservation, analysis and documentation of evidences in these environments.
Candidates should have a 1st or upper 2nd class honours degree in an area relevant to the subject. In all cases a Master’s degree or equivalent qualification or other evidence of research skills and experience is preferred but not essential.
Application where funding can be secured from other sources will be accepted at any time. For further information visit: www.salford.ac.uk/study/postgraduate/fees-and-funding/research-degree-fees-and-funding
Further information and applying
For further information, please contact Dr Ali Dehghantanha at [email protected]
For more information on research within the School of Computing Science & Engineering and to make an application please visit: www.salford.ac.uk/research/sirc/postgraduate-research