Airbus Centre of Excellence in Cyber Security Analytics
We work across academia, industry and government to address emerging challenges to cyber security.
We are a leading UK academic research unit for cyber security analytics, focused on the interpretation and effective communication of applied data science and artificial intelligence methods through interdisciplinary insights into cyber risk, threat intelligence, attack detection and situational awareness. Our expertise draws from computer science, data science, criminology and international relations, and our status is evidenced by publications in world-leading journals and conferences, a strong PhD track record and an historic grant income of approx. £7.8m – with over £4m already secured to sustain research within the centre between 2017 and 2021.
We work across industry, academia and government to provide a focus for cybersecurity analytics in the UK. As the first centre of its kind in Europe, we aim to strategically position the UK as a leader in cybersecurity analytics. We are known as a go-to place for data-science and AI insights on cyber threats – especially in support of the AI sector deal in the UK industrial strategy and the National Cyber Security Centre’s focus on Active Cyber Defence.
As an example of our impact, in the last 18 months we have: translated new methods and tools for real-time dynamic risk modelling into an Airbus spin-out, which is now protecting critical national infrastructure; integrated our world-class research on malware classification based on behavioural DNA profiling of machine activity using AI into Airbus’ Security Operations Centre (SOC); and provided written and oral evidence on the cyber threats associated with online social networks to a Home Affairs Select Committee in Westminster.
We are addressing emerging challenges to cybersecurity by combining:
- computational and mathematical methods, drawing on our technical expertise in machine learning, artificial intelligence and big data analytics
- criminological expertise in cyber crime
- international relations expertise in communication and governance
Our collaboration with Airbus covers areas of mutual interest to the Cyber Operations Team at Airbus and Cardiff University, including data science, big data analytics, machine learning and artificial intelligence. A significant focus of our work is in the interpretation and effective communication of automated algorithmic data analytics to support decision making and policy surrounding cybersecurity issues of national importance.
Participation in the collaborative programme is not limited by the organisational affiliation of scientists and will be determined by individuals' ability to contribute to the mutual objectives of the participating organisations.
Our research is underpinned by five core research themes:
- Risk assessment and modelling – developing novel methods to formalise processes within critical infrastructures and developing new risk modelling notation that has transformed the way risk is captured. We hold a research grant worth £760k between 2017-20 to further advance the integration of cyber analytics with real-time risk assessment and modelling.
- Risk communication, governance and collective decision making – using threat intelligence and good practice – being able to make effective decisions based on information available is crucial in an ever-evolving cyber threat landscape. This includes detecting and preventing mass marketing fraud. The theme also includes research on communication and international relations, including the Centre for Internet & Global Politics (CIGP), contributing to the global Internet policy debate.
- Data-driven human and software behavioural analytics and threat intelligence – Our expertise in data science, machine learning and statistical analysis is being applied to ground-breaking research in intrusion detection via the complex analysis of software behaviours (e.g. machine learning for intrusion detection via software behaviours).
- Motivations, dynamics and social factors of cyber crimes – supporting theoretical data mining and explanatory social process modelling. This theme includes cyber fraud and motivations, and the social factors influencing behaviours and communication following cyber attacks. We study the social factors associated with increased social insecurity and cyber attacks via the medium of online social networks.
- Security and Privacy of Emerging Technologies (e.g. cloud, mobile devices and Internet of Things) – horizon scanning and forecasting the threats of the future using AI. In a fast-changing technological landscape it is essential to horizon scan and forecast the latest trends in cyber risk associated with the uptake of new technologies. We research Cloud technologies and the threat vectors associated with storing data in Cloud environments and service-level agreements. Cardiff University is an active partner in the EPSRC PETRAS national hub for Internet of Things (IoT), within which we study the emerging attack vectors and exploitation threats on IoT in an industrial control system context.
These five themes are interdependent and our interdisciplinary approach has led to publications in world-leading conferences and journals.
In addition to core academic aims around publication of world-leading research and developing cutting-edge taught programmes, as well as sustaining the centre with targeted applications for research funding and internal growth, we have identified three ‘grand challenges’ to focus on over the next five years:
- Security Operations and Situational Awareness – the use of applied data science and AI, combined with expertise in criminology and international relations, to better utilise and interpret the vast volumes of data being produced on a daily basis for prediction and management of emerging cyber threats. This includes better visualization and communication of threats between interconnected and interdependent people and processes. Without this, the UK and rest of the world will struggle to make sense of rapidly evolving attack vectors, motivations and systems at risk.
- Future of Secure Manufacturing – as industrial systems begin to engage with real-time monitoring and ‘Factory 4.0’, data will play a crucial role in better understanding threats to manufacturing systems. For instance, how will the Internet of Things (IoT) and Cloud be integrated into these traditionally ‘air gapped’ spaces? Will IT and OT end up being a single system instead of the perceived isolated sub networks they currently are? We aim to transform the future of manufacturing using data-driven technologies while retaining security via the integration of our research on automatic monitoring and control in safety critical systems.
- Governing Online Social Spaces – the Internet and Social Web have provided a massively interconnected world, which has its benefits but is already a core ecosystem for launching cyber attacks. Do we have to accept these spaces are not governable given the international reach? We aim to better understand the routine interactions in cyber space to allow us to use data to model and observe cause and effect in cyber attacks in an era of international political unrest.
- Williams, M. L. et al. 2019. Under the corporate radar: Examining insider business cybercrime victimization through an application of routine activities theory. Deviant Behavior 40 (9), pp.1119-1131. (10.1080/01639625.2018.1461786)
- Javed, A. , Burnap, P. and Rana, O. F. 2019. Prediction of drive-by download attacks on Twitter. Information Processing and Management 56 (3), pp.1133-1145. (10.1016/j.ipm.2018.02.003)
- Anthi, E. et al. 2018. EclipseIoT: A secure and adaptive hub for the Internet of Things. Computers and Security 78 , pp.477-490. (10.1016/j.cose.2018.07.016)
- Rhode, M. , Burnap, P. and Jones, K. 2018. Early-stage malware prediction using recurrent neural networks. Computers and Security 77 , pp.578-594. (10.1016/j.cose.2018.05.010)
- Burnap, P. et al. 2018. Malware classification using self organising feature maps and machine activity data. Computers and Security 73 , pp.399-410. (10.1016/j.cose.2017.11.016)
- Thomas, L. et al. 2017. Automation of the supplier role in the GB power system using blockchain based smart contracts. CIRED - Open Access Proceedings Journal 2017 (1), pp.2619-2623. (10.1049/oap-cired.2017.0987)
- Alsaedi, N. , Burnap, P. and Rana, O. 2017. Can we predict a riot? Disruptive event detection using Twitter. ACM Transactions on Internet Technology 17 (2) 18. (10.1145/2996183)
- Burnap, P. et al. 2017. Determining and sharing risk data in distributed interdependent systems. IEEE Computer 50 (4), pp.72-79. (10.1109/MC.2017.108)
- Williams, M. L. , Burnap, P. and Sloan, L. 2017. Crime sensing with big data: the affordances and limitations of using open source communications to estimate crime patterns. British Journal of Criminology 57 (2), pp.320-340. (10.1093/bjc/azw031)
- Levi, M. et al. 2017. Cyberfraud and the implications for effective risk-based responses: themes from UK research. Crime, Law and Social Change 67 (1), pp.77-96. (10.1007/s10611-016-9648-0)
- Shokri, R. , Theodorakopoulos, G. and Troncoso, C. 2017. Privacy games along location traces: A game-theoretic framework for optimizing location privacy. ACM Transactions on Privacy and Security 19 (4) 11. (10.1145/3009908)
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2017. Temporal TF-IDF: a high performance approach for event summarization in Twitter. Presented at: IEEE/WIC/ACM International Conference on Web Intelligence Omaha, Nebraska, USA 13-16 October 2016. 2016 IEEE/WIC/ACM International Conference on Web Intelligence. IEEE. , pp.515-521. (10.1109/WI.2016.0087)
- Eden, P. et al., 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research Queen's University Belfast, Belfast, UK 23-25 August 2016.
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2016. Automatic summarization of real world events using Twitter. Presented at: International AAAI Conference on Web and Social Media (ICWSM) Cologne, Germany 17-20 May 2016. Proceedings of the Tenth International AAAI Confe. AAAI. , pp.511-514.
- Williams, M. L. and Burnap, P. 2016. Cyberhate on social media in the aftermath of Woolwich: A case study in computational criminology and big data. British Journal of Criminology 56 (2), pp.211-238. (10.1093/bjc/azv059)
- Awan, M. S. K. , Burnap, P. and Rana, O. F. 2016. Identifying cyber risk hotspots: A framework for measuring temporal variance in computer network risk. Computers and Security 57 , pp.31-46. (10.1016/j.cose.2015.11.003)
- Cherdantseva, Y. et al. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56 , pp.1-27. (10.1016/j.cose.2015.09.009)
- Williams, M. L. 2016. Guardians upon high: an application of routine activities theory to online identity theft in Europe at the country and individual level. British Journal of Criminology 56 (1), pp.21-48. (10.1093/bjc/azv011)
- Burnap, P. and Williams, M. L. 2016. Us and them: identifying cyber hate on Twitter across multiple protected characteristics. EPJ Data Science 5 11. (10.1140/epjds/s13688-016-0072-6)
- Galini, T. et al., 2016. On the inference of user paths from anonymized mobility data. Presented at: 1st IEEE European Symposium on Security and Privacy Saarbrücken, Germany 21-24 March 2016.
- Alsaedi, N. , Burnap, P. and Rana, O. F. 2015. Identifying disruptive events from social media to enhance situational awareness. Presented at: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) Paris, France 24-27 August 2015. ASONAM '15 Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. ACM. , pp.934-941. (10.1145/2808797.2808879)
- Burnap, P. and Williams, M. L. 2015. Cyber hate speech on Twitter: An application of machine classification and statistical modeling for policy and decision making. Policy & Internet 7 (2), pp.223-242. (10.1002/poi3.85)
- Burnap, P. et al. 2015. Detecting tension in online communities with computational Twitter analysis. Technological Forecasting & Social Change 95 , pp.96-108. (10.1016/j.techfore.2013.04.013)
- Alsaedi, N. and Burnap, P. 2015. Arabic event detection in social media. Presented at: 16th International Conference on Intelligent Text Processing and Computational Linguistics Cairo, Egypt 14-20 April 2015. Published in: Gelbukh, A. ed. Computational Linguistics and Intelligent Text Processing: 16th International Conference, CICLing 2015, Cairo, Egypt, April 14-20, 2015, Proceedings, Part I. Vol. 9041. Lecture Notes in Computer Science Springer Verlag. , pp.384-401. (10.1007/978-3-319-18111-0_29)
- Al Said, T. , Rana, O. F. and Burnap, P. 2015. VMInformant: an instrumented virtual machine to support trustworthy cloud computing. International Journal of High Performance Computing and Networking 8 (3), pp.222-234. IJHPCN080303. (10.1504/IJHPCN.2015.071257)
- Awan, M. , Burnap, P. and Rana, O. F. 2015. An empirical risk management framework for monitoring network security. Presented at: IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), Liverpool, UK 26-28 October 2015. Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE. , pp.1764-1771. (10.1109/CIT/IUCC/DASC/PICOM.2015.266)
- Awan, M. S. K. et al. 2015. A classification framework for distinct cyber-attacks based on occurrence patterns. Presented at: The 9th International Conference on Security of Information and Networks Soch, Russia 8-10 September 2015. Proceedings of the 8th International Conference on Security of Information and Networks. ACM. , pp.165-168. (10.1145/2799979.2800037)
- Awan, M. S. K. et al. 2015. Continuous monitoring and assessment of cybersecurity risks in large computing infrastructures. Presented at: 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC New York City, NY, USA 24-26 August 2015. High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on. IEEE. , pp.1442-1447. (10.1109/HPCC-CSS-ICESS.2015.224)
- Awan, M. S. , Burnap, P. and Rana, O. F. 2015. Estimating risk boundaries for persistent and stealthy cyber-attacks. Presented at: 22nd ACM Conference on Computer and Communications Security Denver Colorado, USA 12-16 October 2015. SafeConfig '15 Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense. ACM. , pp.15-20. (10.1145/2809826.2809830)
- Eden, P. et al., 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015) Berlin, Germany 5-7 October 2015.
- Eden, P. et al., 2015. A forensic taxonomy of SCADA systems and approach to incident response. Presented at: The 3rd International Symposium for ICS and SCADA Cyber Security Research 2015 (ICS-CSR 2015) Ingolstadt, Germany 17 - 18 September 2015. (10.14236/ewic/ICS2015.5)
- Rahulamathavan, Y. et al., 2015. Assessing data breach risk in cloud systems. Presented at: 7th International Conference on Cloud Computing Technology and Science (CloudCom) Vancouver, BC, Canada 30 Nov-3 Dec 2015. 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE. , pp.363-370. (10.1109/CloudCom.2015.58)
- Theodorakopoulos, G. 2015. The same-origin attack against location privacy. Presented at: 22nd ACM Conference on Computer and Communications Security Denver, Colorado, USA 12-126 October 2015. Published in: Ray, I. , Hopper, N. and Jansen, R. eds. WPES '15 Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society. ACM. , pp.49-53. (10.1145/2808138.2808150)
- Williams, M. L. and Levi, M. 2015. Perceptions of the eCrime controllers: modelling the influence of cooperation and data source factors. Security Journal 28 (3), pp.252-271. (10.1057/sj.2012.47)
- Burnap, P. et al. 2014. Towards real-time probabilistic risk assessment by sensing disruptive events from streamed news feeds. Presented at: 8th IEEE International Conference on Complex, Intelligent and Software Intensive Systems (CISIS 2014) Birmingham City University, Birmingham, UK. 2-4 July 2014. , pp.-.
- Burnap, P. et al. 2014. Tweeting the terror: modelling the social media reaction to the Woolwich terrorist attack. Social Network Analysis and Mining 4 , pp.-. 206. (10.1007/s13278-014-0206-4)
- Shokri, R. et al., 2014. Hiding in the mobile crowd: location privacy through collaboration. IEEE Transactions on Dependable and Secure Computing 11 (3), pp.266-279. (10.1109/TDSC.2013.57)
- Rahulamathavan, Y. et al., 2014. Analysing security requirements in cloud-based service level agreements. Presented at: SIN '14 The 7th International Conference on Security of Information and Networks Glasgow 9 - 11 September 2014. Proceedings of the 7th International Conference on Security of Information and Networks. New York, NY: ACM. , pp.73-77. (10.1145/2659651.2659735)
- Levi, M. and Williams, M. L. 2013. Multi-agency partnerships in cybercrime reduction: Mapping the UK information assurance network cooperation space. Information Management & Computer Security 21 (5), pp.420-443. (10.1108/IMCS-04-2013-0027)
- Theodorakopoulos, G. , Le Boudec, J. Y. and Baras, J. S. 2013. Selfish response to epidemic propagation. IEEE Transactions on Automatic Control 58 (2), pp.363-376. (10.1109/TAC.2012.2209949)
- Williams, M. L. et al. 2013. Policing cyber-neighbourhoods: Tension monitoring and social media networks. Policing and Society 23 (4), pp.461-481. (10.1080/10439463.2013.780225)
- Burnap, P. et al. 2012. Protecting patient privacy in distributed collaborative healthcare environments by retaining access control of shared information. Presented at: 2012 International Conference on Collaboration Technologies and Systems (CTS) Denver, CO, USA 21-25 May 2012. Published in: Smari, W. W. and Charles, F. eds. 2012 International Conference on Collaboration Technologies and Systems (CTS). Vol. 14. Los Alamitos, CA: IEEE. , pp.490-497. (10.1109/CTS.2012.6261095)
- Shokri, R. et al., 2012. Protecting location privacy: Optimal strategy against localization attacks. Presented at: 19th ACM Conference on Computer and Communications Security (CCS 2012) Raleigh, NC, USA 16-18 October 2012. Published in: Yu, T. , Danezis, G. and Gligor, V. D. eds. Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012. ACM 2012. New York, NY: ACM. , pp.617-627. (10.1145/2382196.2382261)
- Shokri, R. et al., 2011. Quantifying location privacy. Presented at: 2011 IEEE Symposium on Security and Privacy (SP) Berkeley, CA, USA 22-25 May 2011. Published in: O’Conner, L. ed. Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP). Los Alamitos, CA: IEEE. , pp.247-262. (10.1109/SP.2011.18)
- Burnap, P. and Hilton, J. C. 2009. Self protecting data for de-perimeterised information sharing. Presented at: Third International Conference on Digital Society ICDS '09 Cancun, Mexico 1-7 February 2009. Digital Society, 2009. ICDS '09. Third International Conference on. IEEE. , pp.65-70. (10.1109/ICDS.2009.41)
- Theodorakopoulos, G. and Baras, J. 2008. Game theoretic modeling of malicious users in collaborative networks. IEEE Journal on Selected Areas in Communications 26 (7), pp.1317-1327. (10.1109/JSAC.2008.080928)
- Theodorakopoulos, G. 2007. Robust network trust establishment for collaborative applications and protocols. PhD Thesis , University of Maryland, College Park.
- Theodorakopoulos, G. and Baras, J. S. 2006. On trust models and trust evaluation metrics for ad hoc networks. IEEE Journal on Selected Areas in Communications 24 (2), pp.318-328. (10.1109/JSAC.2005.861390)
- Theodorakopoulos, G. and Baras, J. S. 2004. Trust evaluation in ad-hoc networks. Presented at: WiSe '04: 3rd ACM workshop on Wireless security 1 October 2004. Published in: Jakobsson, M. and Perrig, A. eds. WiSe '04 Proceedings of the 3rd ACM workshop on Wireless security. New York, NY: ACM. , pp.1-10. (10.1145/1023646.1023648)
Research council funding
We have been successful in attracting external cybersecurity research funding amounting to more than £7.5m. Funding has been awarded from RCUK (e.g. EPSRC, ESRC), Industry and Government. Selected grant details are listed below:
- Institutional PI Burnap
- £1.8m EPSRC
EPSRC PETRAS Research Hub, Cyber Security of the Internet of Things – Identifying Attack Vectors for Network Intrusion via IoT devices & Developing a Goal-Oriented Approach to Determining Impact Across Threat Surfaces (IoT Depends)
- Institutional PI Burnap with Theodorakopoulos, Rana and Renicke at Cardiff
- £136k EPSRC
SCADA Cyber Security Lifecycle 2 (SCADA-CSL 2)
- Institutional PI Burnap with Cherdantseva and Theodorakopoulos at Cardiff
- £760k – Endeavr Wales
Social Data Science Lab: Methods and Infrastructure Development for Open Data Analytics in Social Research
- Institutional PI Burnap with Williams and Rana at Cardiff
- £450k – ESRC
- Institutional PI Rana with Burnap, Williams and Levi at Cardiff
- £1.1m – EPSRC
SCADA Cyber Security Lifecycle (SCADA-CSL)
- Institutional PI Burnap with Rana and Cherdantseva at Cardiff
Cybercrime Reduction Partnership Mapping Study
- Institutional PI Williams with Levi at Cardiff
- £74k – Nominet Trust
Detecting and Preventing Mass-Marketing Fraud (DAPM)
- Institutional PI Levi
- £845k – EPSRC
Privacy Protection in Event-Based Data Sharing and Analysis
- Institutional PI Shao
- £515k – Royal Academy of Engineering Fellowship
Cyber-related economic crime and implications for policing approaches
- Institutional PI Levi with Williams at Cardiff
- £25k – City of London Corporation
Fear of Cybercrime and its Cybersecurity Consequences
- Institutional PI Williams with Levi at Cardiff
- £25k – Home Office
This research is made possible through our close partnership with: