Determining Cyber Attacks by Using Machine Learning to Detect Message Anomalies

About the Project

We are interested in finding ways to determine internal and external attacks on cyber systems such as IoT devices, wireless sensor networks (WSN), car electronic components, or connected computer systems. Such attacks often involve the alteration, fabrication, deletion or injection of data messages. Detecting anomalies in data message streams is therefore an important aspect of any intrusion detection system deployed for cyber security.

Attacks might alter the timing, quantity or payload contents of the messages. Although some attacks might affect the message flows in ways that can be predetermined and hence identified in signature databases, there are also attacks that are either not predictable or are difficult to formally define against the natural behaviour of the system.

An example of the latter is the controller area network in cars, where the message properties are likely to be unique to the car model and secret to the car manufacturer, which makes formally defining a normal profile, and hence conversely an abnormal profile, a difficult prospect.

This PhD would therefore determine and evaluate methods for detecting attacks, such as using machine learning to detect abnormal behaviour in the messages. A project would involve determining and evaluating suitable detection methods as well as developing suitable data sets and message attack simulations.

• Director of Studies: Dr Andrew Tomlinson, Worcester Business School, University of Worcester
• Supervisors: Dr Hayder Alwattar, Worcester Business School, University of Worcester
• Research Group: Digital Innovation & Intelligent Systems Research Group

Application Process

To begin the application process please go to https://www.worc.ac.uk/research/research-degrees/applying-for-a-phd/.