Division of Cyber Security

Cyber Security is one of three Divisions in the School of Design and Informatics. Research in the Division is a major part of one of Abertay’s research priority areas, namely the Security research theme. It is structured into four overlapping areas, responding to prevailing challenges of system security and the threats introduced by Internet-connected devices and to the usability of security prevention measures.

Secure System Coding

The areas of computer security and software development are often regarded separately, each with minimal consideration for the other. However, a large number of security flaws are caused by a limited understanding of how poor coding practices can be exploited by a malicious hacker. In partnership with industry, we are exploiting design patterns to increase secure coding awareness in software developers.

We have analysed and catalogued security threats and vulnerabilities in order to better understand their root cause and identify appropriate techniques to improve communication of security problems. The academics are Dr Natalie Coull, Dr Ian Ferguson, Dr Gavin Hales and Dr Adam Sampson.

This combination of root cause and the security problem are encapsulated in vulnerability anti-patterns as a means to transfer knowledge from the cybersecurity community to the software development community to ensure that secure software is developed from the outset. Our findings show that these anti-patterns can improve software developers’ ability to recognise vulnerabilities in systems and how they can be exploited. Further research will measure the longer-term impact of this improved awareness on the overall security of the developers’ software.

Threat Detection and Securing the Internet of Things 

We are developing novel solutions to effect pervasive security and privacy for networks in general and devices in particular. The academics are Dr Xavier Bellekens, Mr Ross Heenan, Mr Colin McLean and Mr David McLuskie

For example, we have used artificial neural networks, a machine-learning technique, to build an intrusion detection system able to detect a range of Distributed Denial of Service attacks. We are also exploiting off-the-shelf massively parallel architectures such as GPUs by exploring distributed computation approaches and refactoring the underlying data to significantly reduce its size and so improve on existing algorithm performance. The academics are Dr Ethan Bayne, Dr Salma ElSayed, Dr Ian Ferguson and Dr Geoff Lund

Human-Centred Security

Cyber security is in part a technical challenge and in part a human challenge, as it depends on the interplay between users and security technology in societal and industrial contexts.

A key aspect of cyber security is encouraging users to behave safely online. Many online activities attract risks, some of which are known to the user and some not. We have drawn on techniques from nudge theory and affective computing to encourage safe behaviour online. We have successfully nudged users through visual cues in a web browser into choosing longer and stronger passwords during a system enrolment task. The academics are Prof Karen Renaud and Dr Suzy Prior. We have developed a system that automatically detects risky online behaviour and provides feedback on risky behaviour in real time. The academics are Dr Jackie Archibald, Dr Ian Ferguson and Dr Lynsay Shepherd

Extending human-centred security beyond cyber security, and in partnership with industry, we have investigated social presence at self-service checkouts by staff and its effect on dishonest customer behavior. Our findings show that the perceived motivational and situational factors contributing to theft are complex, and surveillance in its current form does not provide a sufficient social presence to prevent potential theft at self-service checkouts. The academics are Mr Paul Robertson and Dr Andrea Szymkowiak.

Visual Security 

Digital devices play an important role in our everyday lives and the nature of the data stored on these devices will paint a vivid picture of the life of its owner. Patterns of behaviour and social connections are deeply embedded in much of this data. For institutions such as law enforcement, this digital forensic data can serve as invaluable evidence, yet the sheer volume and complexity of these data makes analysis challenging. 

We are combining our expertise in digital forensics with the knowledge in the Division of Computing and Mathematics in augmented and virtual realities to discover new ways of exploring these highly complex digital forensic datasets. The academics are Dr Ethan Bayne, Dr Gavin Hales, Dr Ian Ferguson and Mr Paul Robertson. If we can successfully harness augmented and virtual realities, we will drive marked increases in investigative efficiency. 

Funding

The Division’s research is supported by funding from industry and government sources.

Master’s Programme

The Division’s MSc in Ethical Hacking and Cyber Security course equips students with the skills and expertise needed to enter the cyber security industry. Topics include Ethical Hacking, Digital Forensics, Penetration Testing, Information & Network Security Management and a dissertation project, some in the areas outlined above.