NCSC-backs machine learning and cyber security PhD
.jpg)
Courtesy Surevine
The project aims to consider the application of machine learning and decision support strategies to make sense of a vast array of cyber threat information. It will define models for identifying attack vectors, levels of trust in users and then identifying changes of user behaviour that indicate propensity to move from trusted to threatening behaviour.
Information sharing of threat intelligence is becoming increasingly important in order to defend against cyber attacks. Moreover, national security and government organisations such as NCSC in the UK are driving initiatives to develop cyber threat information sharing partnerships. There are a number of platforms, including Surevine’s Threatvine, currently being developed to support a common infrastructure and protocols for sharing cyber threat information.
With wider scale adoption two main research challenges emerge around the improved utility of the information and its trustworthiness which goes beyond the functionality offered currently by the existing platforms:
- How can an assessment be made of the information being stored in the platform in order to customise and categorise the information presented to users, to make it more relevant and actionable?
- How can the threat information posted to a platform be trusted to be from a particular source?
The main objectives of the studentship are:
- To identify what can be done in order to analyse the impact of the threat information
- To develop machine learning algorithms that could be new and/or adapted from existing algorithms. These
will be evaluated in the context of information sharing platforms and to evaluate them in the context of
real information from different industry sectors - To develop machine learning and security techniques to improve the assessment of users’ trustworthiness
within information sharing platforms.
The technical approach will focus initially on using machine learning techniques in the context of information sharing to decide what information is most relevant to a user of a platform and also clustering information in order to derive a clearer picture of the scope of the threat.
Founded in 2016, the National Cyber Security Centre is a UK Government organisation providing support for the public and private sector to avoid computer security threats. Based in London, its parent organisation is GCHQ.
For more information about the PhD studentship, visit:
www.surrey.ac.uk/fees-andfunding/
studentships/enhancing-cyber-security-information-sharing
