Airbus Centre of Excellence in Cyber Security Analytics

We work across academia, industry and government to address emerging challenges to cyber security.

We are a leading UK academic research unit for cyber security analytics, focused on the interpretation and effective communication of applied data science and artificial intelligence methods through interdisciplinary insights into cyber risk, threat intelligence, attack detection and situational awareness. Our expertise draws from computer science, data science, criminology and international relations, and our status is evidenced by publications in world leading journals and conferences, a strong PhD track record and an historic grant income of approx. £7.8m – with over £4m already secured to sustain research within the centre between 2017 and 2021.

We work across industry, academia and government to provide a focus for cybersecurity analytics in the UK. As the first centre of its kind in Europe, we aim to strategically position the UK as a leader in cybersecurity analytics. We are known as a go-to place for data-science and AI insights on cyber threats – especially in support of the AI sector deal in the UK industrial strategy and the National Cyber Security Centre’s focus on Active Cyber Defence.

As an example of our impact, in the last 18 months we have: translated new methods and tools for real-time dynamic risk modelling into an Airbus spin out, which is now protecting critical national infrastructure; integrated our world class research on malware classification based on behavioural DNA profiling of machine activity using AI into Airbus’ Security Operations Centre (SOC); and provided written and oral evidence on the cyber threats associated with online social networks to a Home Affairs Select Committee in Westminster.

We are addressing emerging challenges to cybersecurity by combining:

computational and mathematical methods, drawing on our technical expertise in machine learning, artificial intelligence and big data analytics
criminological expertise in cyber crime
international relations expertise in communication and governance

Our collaboration with Airbus covers areas of mutual interest to the Cyber Operations Team at Airbus and Cardiff University, including data science, big data analytics, machine learning and artificial intelligence. A significant focus of our work is in the interpretation and effective communication of automated algorithmic data analytics to support decision making and policy surrounding cybersecurity issues of national importance.

Participation in the collaborative program is not limited by the organisational affiliation of scientists and will be determined by individuals' ability to contribute to the mutual objectives of the participating organisations.

Research

Our research is underpinned by five core research themes:

Risk assessment and modelling – developing novel methods to formalise processes within critical infrastructures and developing new risk modelling notation that has transformed the way risk is captured. We hold a research grant worth £760k between 2017-20 to further advance the integration of cyber analytics with real-time risk assessment and modelling
Risk communication, governance and collective decision making – using threat intelligence and good practice – being able to make effective decisions based on information available is crucial in an ever evolving cyber threat landscape. This includes detecting and preventing mass marketing fraud. The theme also includes research on communication and international relations, including the Centre for Internet & Global Politics (CIGP), contributing to the global Internet policy debate.
Data-driven human and software behavioural analytics and threat intelligence – Our expertise in data science, machine learning and statistical analysis is being applied to ground-breaking research in intrusion detection via the complex analysis of software behaviours (e.g. machine learning for intrusion detection via software behaviours).
Motivations, dynamics and social factors of cyber crimes – supporting theoretical data mining and explanatory social process modelling. This theme includes cyber fraud and motivations, and the social factors influencing behaviours and communication following cyber attacks. We study the social factors associated with increased social insecurity and cyber attacks via the medium of online social networks.
Security and Privacy of Emerging Technologies (e.g. cloud, mobile devices and Internet of Things) – horizon scanning and forecasting the threats of the future using AI. In a fast-changing technological landscape it is essential to horizon scan and forecast the latest trends in cyber risk associated with the uptake of new technologies. We research Cloud technologies and the threat vectors associated with storing data in Cloud environments and service-level agreements. Cardiff University is an active partner in the EPSRC PETRAS national hub for Internet of Things (IoT), within which we study the emerging attack vectors and exploitation threats on IoT in an industrial control system context.

These five themes are interdependent and our interdisciplinary approach has led to publications in world-leading conferences and journals.

In addition to core academic aims around publication of world leading research and developing cutting edge taught programmes, as well as sustaining the centre with targeted applications for research funding and internal growth, we have identified three ‘grand challenges’ to focus on over the next five years:

Security Operations and Situational Awareness – the use of applied data science and AI, combined with expertise in criminology and international relations, to better utilise and interpret the vast volumes of data being produced on a daily basis for prediction and management of emerging cyber threats. This includes better visualization and communication of threats between interconnected and interdependent people and processes. Without this, the UK and rest of the world will struggle to make sense of rapidly evolving attack vectors, motivations and systems at risk.
Future of Secure Manufacturing – as industrial systems begin to engage with real-time monitoring and ‘Factory 4.0’, data will play a crucial role in better understanding threats to manufacturing systems. For instance, how will the Internet of Things (IoT) and Cloud be integrated into these traditionally ‘air gapped’ spaces? Will IT and OT end up being a single system instead of the perceived isolated sub networks they currently are? We aim to transform the future of manufacturing using data-driven technologies while retaining security via the integration of our research on automatic monitoring and control in safety critical systems.
Governing Online Social Spaces – the Internet and Social Web have provided a massively interconnected world, which has its benefits but is already a core ecosystem for launching cyber attacks. Do we have to accept these spaces are not governable given the international reach? We aim to better understand the routine interactions in cyber space to allow us to use data to model and observe cause and effect in cyber attacks in an era of international political unrest.