Cyber Security Informatics (CSI)

The CSI research group conducts research on autonomous, immersive, and mutable cognitive cyber security defence tools, enabling the next generation of security experts to create a trusted computing continuum and help contribute to the United Nations Sustainable Development Goals.

Research areas:

Federated and Autonomous defence: The proliferation of IoT and edge devices has contributed to an onslaught of cyber attacks of escalating complexity. Threat-hunting and threat-mitigation pipelines based on vintage machine learning methods and rule-based solutions have become obsolete for protecting systems as cyber attacks have become more dynamic. Against this background, our objective is to explore the application of federated learning and deep reinforcement learning to edge security that can scale up to serve numerous clients across the metaverse.

Cognitive defence: The increasing availability of data in the public domain is an invaluable source of open-source intelligence (OSINT), which ICT systems leverage to increase their resilience against known and emerging attacks, incidents, and events. Language models like GPT2/3, BERT, RoBERTa, and XLM-R have already been deployed in numerous domains, but applications in cybersecurity are still lagging behind. Thus, a key objective is to leverage emerging neural network architectures to develop novel natural language processing (NLP) tools and zero-shot learners that augment the functionality of cyber threat intelligence (CTI).

Mutable defence: With the advent of container orchestration tools and microservices, cyber defence stacks are becoming more architecture-centric and reactive in responding to the dynamically changing nature of threats. A notable example is the emergence of AI-driven Security Orchestration, Automation and Response (SOAR) systems that can deploy ML models to analyse and respond to threats, providing advanced security protection along the computing continuum. A core objective is to examine the feasibility of high-entropy Moving Target Defence (MTD) solutions along the computing continuum.

Immersive defence and Gaming: By 2025, over 30 billion new devices will be connected to existing networks. Without the means to visualise the onslaught of critical information, especially information related to security-focused incidents (e.g. network traffic logs, firewall logs, and asset monitoring), users at the edge of the network will be exposed to information overload. Thus, our objective is to explore novel data visualisation modalities using VR/AR/MR, helping users to gain improved situational awareness. We explore novel research pathways to determine the effectiveness of immersive edge displays and their potential positive or negative impact on operators' situational awareness. We also explore novel immersive wargaming applications that enable positive learning and training outcomes across different community stakeholders.


Current Projects

IDUNN (EU H2020) – A Cognitive Detection System for Cybersecure Operational Technologies (2021-2024)
NESTOR (EU H2020) – An Enhanced Pre-frontier Intelligence Picture to Safeguard the European Borders (2021-2023)
PRINCE (EU ISF-P) – Preparedness & Response for CBRNE Incidents (2019-2022)

Selected Publications