Division of Cyber Security

BSc (Hons) Ethical Hacking

BSc (Hons) Computing

The Division’s MSc in Ethical Hacking and Cyber Security course equips students with the skills and expertise needed to enter the cyber security industry. Topics include

• Ethical Hacking
• Digital Forensics
• Penetration Testing
• Information & Network Security Management.

Cyber Security MSc, MPhil, PhD by Research

The areas of computer security and software development are often regarded separately, each with minimal consideration for the other. However, a large number of security flaws are caused by a limited understanding of how poor coding practices can be exploited by a malicious hacker. In partnership with industry, we are exploiting design patterns to increase secure coding awareness in software developers.

We have analysed and catalogued security threats and vulnerabilities in order to better understand their root cause and identify appropriate techniques to improve communication of security problems. The academics are Dr Natalie Coull, Dr Ian Ferguson, Dr Gavin Hales and Dr Adam Sampson.

This combination of root cause and the security problem are encapsulated in vulnerability anti-patterns as a means to transfer knowledge from the cybersecurity community to the software development community to ensure that secure software is developed from the outset. Our findings show that these anti-patterns can improve software developers’ ability to recognise vulnerabilities in systems and how they can be exploited. Further research will measure the longer-term impact of this improved awareness on the overall security of the developers’ software.

Any computer network is potentially vulnerable to cyber attacks. Every network has an attack surface, i.e., the set of devices on the network and the ways in which the surface may be attacked, and threats can occur at any point on that landscape. In addition to this general threat, many common household devices are now being connected to the Internet, and newly developed devices are also being introduced into people's homes. The number of devices connected to the Internet is expected to reach 75 billion by 2025. In a number of cases, these devices have security flaws that can compromise the privacy of the owners, or can be subverted to be used as a means to attack other systems.

We are developing novel solutions to effect pervasive security and privacy for networks in general and IoT devices in particular. For example, we have used artificial neural networks, a machine-learning technique, to build an intrusion detection system able to detect a range of Distributed Denial of Service attacks. We are also exploiting off-the-shelf massively parallel architectures such as GPUs by exploring distributed computation approaches and refactoring the underlying data to significantly reduce its size and so improve on existing algorithm performance.

Cybersecurity is in part a technical challenge anda human challenge: it depends on the interplay between users and security technology in societal and industrial contexts.

A key aspect of cybersecurity is encouraging users to behave safely online.

Many online activities attract risks; some of these are known to the user and some are not. We have drawn on techniques from nudge theory and affective computing to encourage safe behaviour online. We have successfully nudged users through visual cues in a web browser into choosing longer and stronger passwords during a system enrolment task. We have developed a system that automatically detects risky online behaviour and provides feedback on risky behaviour in real time.

Extending human-centred security beyond cybersecurity, and in partnership with industry we have investigated the perceived influence of social presence at self-service checkouts by staff and its perceived effect on dishonest customer behavior. Our findings show that the perceived motivational and situational factors contributing to theft are complex, and surveillance in its current form does not appear to provide a sufficient social presence to prevent potential theft at self-service checkouts.

Digital devices play an important role in our everyday lives and the nature of the data stored on these devices will paint a vivid picture of the life of its owner. Patterns of behaviour and social connections are deeply embedded in much of this data. For institutions such as law enforcement, this digital forensic data can serve as invaluable evidence, yet the sheer volume and complexity of these data makes analysis challenging. 

We are combining our expertise in digital forensics with the knowledge in the Division of Computing and Mathematics in augmented and virtual realities to discover new ways of exploring these highly complex digital forensic datasets. The academics are Dr Ethan Bayne, Dr Gavin Hales, Dr Ian Ferguson and Mr Paul Robertson. If we can successfully harness augmented and virtual realities, we will drive marked increases in investigative efficiency.

In our games programming research, we also make use of the rendering and compute functionalities offered by the GPU to increase spatial and temporal scale of simulations. Interpretation of simulation output can be challenging and we advocate the 'built-in' visual simulation afforded by GPGPU implementations that employ optimisations that are standard in the production of real-time interactive scenes.

Our expertise in programming also extends to design patterns and in partnership with the Division of Cybersecurity we have been developing design patterns to improve computer system security.