Airbus Centre of Excellence in Cyber Security Analytics
We work across industry, academia and government to provide a focus for cyber security analytics in the UK. As the first centre of its kind in Europe, we aim to strategically position the UK as a leader in cyber security analytics.
We're addressing emerging challenges to cyber security by combining:
- computational and mathematical methods, drawing on our technical expertise in machine learning, artificial intelligence and big data analytics
- criminological expertise in cyber crime
- international relations expertise in communication and governance
Our collaboration covers areas of mutual interest to the Cyber Operations Team at Airbus and Cardiff University, including data science, big data analytics, machine learning and artificial intelligence.
A significant focus of our work is in the interpretation and effective communication of automated algorithmic data analytics to support decision making and policy surrounding cyber security issues of national importance.
Cyber security is a priority research area at Cardiff University, supported with strategic investment. Since 2012 we have established an interdisciplinary research team of technical and social researchers. Our collaborative projects have received more than £5m in funding from UK Research Councils (EPSRC, ESRC), Welsh Government (Endeavr Wales) and Industry (Airbus).
Participation in the collaborative program is not limited by the organisational affiliation of scientists and will be determined by individuals' ability to contribute to the mutual objectives of the participating organisations.
Our research is focussed around four themes:
- data-driven human and software behavioural analytics and threat intelligence (e.g. machine learning for intrusion detection via software behaviours)
- risk assessment and threat modeling (moving from asset-registers to dynamic process and dependency models)
- risk communication, privacy, governance and collective decision making using threat intelligence and good practice
- motivations, dynamics and social factors of cyber crime.
These four themes are interdependent and our interdisciplinary approach has led to publications in world-leading conferences and journals.
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2017. Can we predict a riot? Disruptive event detection using Twitter. ACM Transactions on Internet Technology 17 (2) 18. (10.1145/2996183)
- Levi, M. et al. 2017. Cyberfraud and the implications for effective risk-based responses: themes from UK research. Crime, Law and Social Change 67 (1), pp.77-96. (10.1007/s10611-016-9648-0)
- Shokri, R. , Theodorakopoulos, G. and Troncoso, C. 2016. Privacy games along location traces: A game-theoretic framework for optimizing location privacy. ACM Transactions on Privacy and Security 19 (4), pp.11:1 -11:31. (10.1145/3009908)
- Eden, P. et al., 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research Queen's University Belfast, Belfast, UK 23-25 August 2016.
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2016. Automatic summarization of real world events using Twitter. Presented at: International AAAI Conference on Web and Social Media (ICWSM) Cologne, Germany 17-20 May 2016. Proceedings of the Tenth International AAAI Confe. , pp.511-514.
- Burnap, P. and Williams, M. L. 2016. Us and them: identifying cyber hate on Twitter across multiple protected characteristics. EPJ Data Science 5 11. (10.1140/epjds/s13688-016-0072-6)
- Awan, M. S. K. , Burnap, P. and Rana, O. F. 2016. Identifying cyber risk hotspots: A framework for measuring temporal variance in computer network risk. Computers and Security 57 , pp.31-46. (10.1016/j.cose.2015.11.003)
- Cherdantseva, Y. et al. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56 , pp.1-27. (10.1016/j.cose.2015.09.009)
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2016. Temporal TF-IDF: a high performance approach for event summarization in Twitter. Presented at: IEEE/WIC/ACM International Conference on Web Intelligence Omaha, Nebraska, USA 13-16 October 2016. 2016 IEEE/WIC/ACM International Conference on Web Intelligence. IEEE, pp.515-521. (10.1109/WI.2016.0087)
- Galini, T. et al., 2016. On the inference of user paths from anonymized mobility data. Presented at: 1st IEEE European Symposium on Security and Privacy Saarbrücken, Germany 21-24 March 2016.
- Williams, M. L. , Burnap, P. and Sloan, L. 2016. Crime sensing with big data: the affordances and limitations of using open source communications to estimate crime patterns. British Journal of Criminology (10.1093/bjc/azw031)
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2015. Identifying disruptive events from social media to enhance situational awareness. Presented at: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) Paris, France 24-27 August 2015. ASONAM '15 Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. ACM, pp.934-941. (10.1145/2808797.2808879)
- Williams, M. L. and Burnap, P. 2015. Cyberhate on social media in the aftermath of Woolwich: A case study in computational criminology and big data. British Journal of Criminology 56 (2), pp.211-238. (10.1093/bjc/azv059)
- Burnap, P. et al. 2015. Detecting tension in online communities with computational Twitter analysis. Technological Forecasting & Social Change (10.1016/j.techfore.2013.04.013)
- Burnap, P. and Williams, M. L. 2015. Cyber hate speech on Twitter: An application of machine classification and statistical modeling for policy and decision making. Policy & Internet 7 (2), pp.223-242. (10.1002/poi3.85)
- Alsaedi, N. and Burnap, P. 2015. Arabic event detection in social media. Lecture Notes in Computer Science 9041 , pp.384-401. (10.1007/978-3-319-18111-0_29)
- Williams, M. L. 2015. Guardians upon high: an application of routine activities theory to online identity theft in Europe at the country and individual level. British Journal of Criminology , pp.1-28. (10.1093/bjc/azv011)
- Al Said, T. , Rana, O. F. and Burnap, P. 2015. VMInformant: an instrumented virtual machine to support trustworthy cloud computing. International Journal of High Performance Computing and Networking 8 (3), pp.222-234. IJHPCN080303. (10.1504/IJHPCN.2015.071257)
- Awan, M. , Burnap, P. and Rana, O. F. 2015. An empirical risk management framework for monitoring network security. Presented at: IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), Liverpool, UK 26-28 October 2015. Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE, pp.1764-1771. (10.1109/CIT/IUCC/DASC/PICOM.2015.266)
- Awan, M. S. K. et al. 2015. A classification framework for distinct cyber-attacks based on occurrence patterns. Presented at: The 9th International Conference on Security of Information and Networks Soch, Russia 8-10 September 2015. Proceedings of the 8th International Conference on Security of Information and Networks. ACM, pp.165-168. (10.1145/2799979.2800037)
- Awan, M. S. K. et al. 2015. Continuous monitoring and assessment of cybersecurity risks in large computing infrastructures. Presented at: 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC New York City, NY, USA 24-26 August 2015. High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on. IEEE, pp.1442-1447. (10.1109/HPCC-CSS-ICESS.2015.224)
- Awan, M. S. , Burnap, P. and Rana, O. F. 2015. Estimating risk boundaries for persistent and stealthy cyber-attacks. Presented at: 22nd ACM Conference on Computer and Communications Security Denver Colorado, USA 12-16 October 2015. SafeConfig '15 Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense. ACM, pp.15-20. (10.1145/2809826.2809830)
- Eden, P. et al., 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015) Berlin, Germany 5-7 October 2015.
- Eden, P. et al., 2015. A forensic taxonomy of SCADA systems and approach to incident response. Presented at: The 3rd International Symposium for ICS and SCADA Cyber Security Research 2015 (ICS-CSR 2015) Ingolstadt, Germany 17 - 18 September 2015. (10.14236/ewic/ICS2015.5)
- Rahulamathavan, Y. et al., 2015. Assessing data breach risk in cloud systems. Presented at: 7th International Conference on Cloud Computing Technology and Science (CloudCom) Vancouver, BC, Canada 30 Nov-3 Dec 2015. 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE, pp.363-370. (10.1109/CloudCom.2015.58)
- Theodorakopoulos, G. 2015. The same-origin attack against location privacy. Presented at: 22nd ACM Conference on Computer and Communications Security Denver, Colorado, USA 12-126 October 2015. Published in: Ray, I. , Hopper, N. and Jansen, R. eds. WPES '15 Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society. ACM, pp.49-53. (10.1145/2808138.2808150)
- Williams, M. L. and Levi, M. 2015. Perceptions of the eCrime controllers: modelling the influence of cooperation and data source factors. Security Journal 28 (3), pp.252-271. (10.1057/sj.2012.47)
- Burnap, P. et al. 2014. Towards real-time probabilistic risk assessment by sensing disruptive events from streamed news feeds. Presented at: 8th IEEE International Conference on Complex, Intelligent and Software Intensive Systems (CISIS 2014) Birmingham City University, Birmingham, UK. 2-4 July 2014.
- Burnap, P. et al. 2014. Tweeting the terror: modelling the social media reaction to the Woolwich terrorist attack. Social Network Analysis and Mining 4 , pp.206. (10.1007/s13278-014-0206-4)
- Shokri, R. et al., 2014. Hiding in the mobile crowd: location privacy through collaboration. IEEE Transactions on Dependable and Secure Computing 11 (3), pp.266-279. (10.1109/TDSC.2013.57)
- Rahulamathavan, Y. et al., 2014. Analysing security requirements in cloud-based service level agreements. Presented at: SIN '14 The 7th International Conference on Security of Information and Networks Glasgow 9 - 11 September 2014. Proceedings of the 7th International Conference on Security of Information and Networks. New York, NY: ACM, pp.73-77. (10.1145/2659651.2659735)
- Levi, M. and Williams, M. L. 2013. Multi-agency partnerships in cybercrime reduction: Mapping the UK information assurance network cooperation space. Information Management & Computer Security 21 (5), pp.420-443. (10.1108/IMCS-04-2013-0027)
- Theodorakopoulos, G. , Le Boudec, J. Y. and Baras, J. S. 2013. Selfish response to epidemic propagation. IEEE Transactions on Automatic Control 58 (2), pp.363-376. (10.1109/TAC.2012.2209949)
- Williams, M. L. et al. 2013. Policing cyber-neighbourhoods: Tension monitoring and social media networks. Policing and Society 23 (4), pp.461-481. (10.1080/10439463.2013.780225)
- Burnap, P. et al. 2012. Protecting patient privacy in distributed collaborative healthcare environments by retaining access control of shared information. Presented at: 2012 International Conference on Collaboration Technologies and Systems (CTS) Denver, CO, USA 21-25 May 2012. Published in: Smari, W. W. and Charles, F. eds. 2012 International Conference on Collaboration Technologies and Systems (CTS). Vol. 14.Los Alamitos, CA: IEEE, pp.490-497. (10.1109/CTS.2012.6261095)
- Shokri, R. et al., 2012. Protecting location privacy: Optimal strategy against localization attacks. Presented at: 19th ACM Conference on Computer and Communications Security (CCS 2012) Raleigh, NC, USA 16-18 October 2012. Published in: Yu, T. , Danezis, G. and Gligor, V. D. eds. Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012. ACM 2012. New York, NY: ACM, pp.617-627. (10.1145/2382196.2382261)
- Shokri, R. et al., 2011. Quantifying location privacy. Presented at: 2011 IEEE Symposium on Security and Privacy (SP) Berkeley, CA, USA 22-25 May 2011. Published in: O’Conner, L. ed. Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP). Los Alamitos, CA: IEEE, pp.247-262. (10.1109/SP.2011.18)
- Burnap, P. and Hilton, J. C. 2009. Self protecting data for de-perimeterised information sharing. Presented at: Third International Conference on Digital Society ICDS '09 Cancun, Mexico 1-7 February 2009. Digital Society, 2009. ICDS '09. Third International Conference on. IEEE, pp.65-70. (10.1109/ICDS.2009.41)
- Theodorakopoulos, G. and Baras, J. 2008. Game theoretic modeling of malicious users in collaborative networks. IEEE Journal on Selected Areas in Communications 26 (7), pp.1317-1327. (10.1109/JSAC.2008.080928)
- Theodorakopoulos, G. 2007. Robust network trust establishment for collaborative applications and protocols. PhD Thesis , University of Maryland, College Park.
- Theodorakopoulos, G. and Baras, J. S. 2006. On trust models and trust evaluation metrics for ad hoc networks. IEEE Journal on Selected Areas in Communications 24 (2), pp.318-328. (10.1109/JSAC.2005.861390)
- Theodorakopoulos, G. and Baras, J. S. 2004. Trust evaluation in ad-hoc networks. Presented at: WiSe '04:3rd ACM workshop on Wireless security 1 October 2004Published in: Jakobsson, M. and Perrig, A. eds. WiSe '04 Proceedings of the 3rd ACM workshop on Wireless security. New York, NY: ACM, pp.1-10. (10.1145/1023646.1023648)
Research council funding
We were awarded more than £500k as part of a £1.2m EPSRC grant to bring together expertise in computer science and informatics (Prof Omer Rana, Dr Pete Burnap), social sciences (Prof Mike Levi, Prof Matthew Williams), and mathematics (Dr Vince Knight) to investigate:
- modelling techniques for representing coordinated cyber attacks on distributed computing infrastructures; and
- risk perceptions and economic costs of presenting data about such attacks to individuals involved at various levels of the trust and security eco-system (ranging from system administrators, end users to legislators).
We aimed to better understand how data acquired at different levels of a cyber infrastructure influences behaviours of both victims and legislators, on the observation that monitoring and responding to cyber crime is a socio-technical challenge.
We are members of the PETRAS Cyber Security IoT hub. A member of our team, Dr Madeline Carr, takes a joint lead on the Standards, Governance and Policy stream, which has direct links to the UK academic cyber security community.
We have recently been awarded £500K by EPSRC to research the human dimension of cyber security through an investigation into how UK policy makers assess evidence in cyber security.
We have been awarded nearly £1.3m from Endeavr Wales to develop tools and methods that are now being translated into cyber security business units within Airbus Defence and Space for risk assessment, management and monitoring within industry control systems (SCADA), intended for use within critical national infrastructure.
Building on Cardiff University's strong track record for research impact, Dr Pete Burnap is currently on secondment to Airbus Group, leading a significant financial investment in the growth of a data science and cyber analytics research unit within the Airbus Group Cyber Operations team;
Dr Yulia Cherdantseva is working closely with a spin-out consultancy to develop one of our research outcomes (a SCADA risk modeling toolkit) into a consultancy business. Dr Brandon Valeriano is working with the United States Marine Corps University to develop policy proposals and produce policy relevant research in cyber strategies. And Dr Andrea Calderaro has established the Cardiff University Centre for Internet & Global Politics (CIGP).
Lecturer in International Relations
- +44 (0)29 2068 8819
Professor of Performance Engineering
- +44 (0)29 2087 5542
- +44 (0)29 2087 4855
This research is made possible through our close partnership with: