Cyber Security research theme

Title: Advancing software fuzzing techniques through the exploration of cryptographic concepts and machine learning.

Abstract: Modern software and networks are the backbone of our digital society, yet they are increasingly susceptible to security vulnerabilities that malicious actors may exploit. Effectively addressing these vulnerabilities necessitates proactive and automated strategies to identify and mitigate risks, particularly within large-scale datasets. Fuzzing has emerged as a pivotal technique in this field; however, traditional methods encounter significant challenges related to deep bug discovery, input quality, and scalability. Leveraging machine learning (ML) techniques, including advanced architectures such as Long Short-Term Memory (LSTM), Generative Adversarial Networks (GANs), and Gated Recurrent Units (GRUs), and categorizing them provides a clear roadmap and perspective for solving the problem. This dissertation begins by categorizing the integration of various machine learning models, including Traditional ML (TML), Deep Learning (DL), Reinforcement Learning (RL), and Deep Reinforcement Learning (DRL), and reviews advancements, methodologies, and challenges in applying these paradigms to fuzzing. Building on this foundation, we propose novel enhancements to fuzzing tools by integrating cryptographic structures. Specifically, we embedded substitution-permutation networks (SPNs) and Feistel networks (FNs) into the custom mutator of the AFL++ framework, referred to as the HonggFuzz library. This resulted in the development of a new custom mutator, HonggFuzz+, which demonstrates improved performance in identifying software bugs and discovering new code edges through optimised search space exploration. Preliminary experimental results, focusing on the number of unique bugs identified across various targets, validate the effectiveness of these methods in diversifying memory region relationships, paving the way for advancements in fuzzing tool development.

In the next stage, we extended the experiments to a wider range of targets and optimised the implementation of Feistel-inspired transformations (Feistel swaps) by integrating them directly into the baseline of AFL++. This approach eliminated the need for a custom mutator while streamlining the integration of cryptographic mutators and enhancing randomisation efficiency. Additionally, we addressed challenges related to code coverage and random number generation (RNG) bias by leveraging a larger-scale benchmark, fuzzbench. We present three innovative fuzzing models—CAFL++, PCGAFL++, and CPCGAFL++. These integrate Feistel-inspired transformations and unbiased RNG mechanisms into AFL++, resulting in enhanced code coverage and stability. Our evaluation across multiple targets highlights the advantages of these approaches, particularly in reducing performance variability and enhancing bug discovery. Finally, we investigate the role of neural network optimisations in fuzzing, employing techniques like LReLU to counteract gradient vanishing issues, Nesterov-accelerated Adaptive Moment Estimation (Nadam) for refined weight updates, and sensitivity analysis for model refinement. These innovations, coupled with game-theoretic insights, demonstrate significant improvements in fuzzing efficacy, achieving better accuracy, edge coverage, and unique bug identification compared to baseline methods. This dissertation thus contributes novel methodologies and insights to advance the state-of-the-art in software fuzzing, enhancing both its effectiveness and reliability in the evolving cybersecurity landscape.

Director of Studies: Professor Phil Legg
Supervisors: Dr Antisthenis Tsompanas and Professor Jun Hong

Title: Interactive machine learning for identifying threats to security and service in large-scale mobile networks.

Abstract: The use of machine learning for predictive analytics is an expansive and continually changing field, in concern to both real, and non-real time environments. Ensuring effective security alerting practices and providing consistent service with machine learning-based services has emerged as a competitive and continually improving area, with balance proving to be a developing challenge. Existing research in interactive, and explainable based machine learning systems to serve service and cybersecurity purposes has seen significant growth, however also dawning concerns and challenges to performance-based needs and privacy considerations. largely unexplored is the adaptive, and interactive usage of novel interactive and explainable machine learning methods to continually adapt and serve the needs of predictive systems, deterring threats pre-emptively and ensuring the service and safety to large scale network systems, of which our application area is telecommunications. 

Director of Studies: Professor Phil Legg
Supervisor: Professor Jim Smith
Industry partnership: Ribbon Communications

Title: Hybrid outlier clustering method using a novel dataset in intrusion detection systems.

Title: Securing IoT systems using emerging blockchain variants, decentralised identity and proof of location.

Abstract: This research proposes a novel blockchain consensus algorithm, PoLBFT, which combines Proof of Location and Practical Byzantine Fault Tolerance to enhance the security of IoT systems. The study examines the inherent insecurity of IoT environments and the limitations of existing centralized solutions, categorizing key security challenges into Privacy, Invulnerability, and Trust. To address these, a decentralized architecture is proposed, leveraging blockchain technologies selected through an evaluation of emerging frameworks. The PoLBFT algorithm is designed to meet the resource constraints of IoT devices while improving the security and efficiency of traditional blockchain consensus methods.

Director of Studies: Dr Djamel Djenouri
Supervisor: Dr Essam Ghadafi (Newcastle University)

Title: Graph-based group anomaly detection in IoT with deep learning.

Title: Design of a secure digital twin to detect and mitigate advanced persistent threats on cyber-physical systems in smart manufacturing.

DPhil: Low resource virtualisation security.

Title: Integrating communicating X-machines, probabilistic and machine learning models to create a rigorous runtime error detection system for Java programs.

Title: A defence model for large language models (LLMs) against multi-turn jailbreak attacks.

Title: Rust binary analysis framework (RBAF): A hybrid LLVM-IR based approach for effective decomposition of Rust-based binaries.

Abstract: As the cybersecurity landscape continues to evolve, attackers are increasingly exploiting Rust's cross-platform capabilities and unique features to create highly resilient malware. New emerging variants written in different languages can keep causing challenges as well, such as Zig. Recovering high-level type information from binaries is crucial for security analysis, vulnerability discovery, and legacy system maintenance. However, compilation often strips away symbols and type information, making it more difficult to analyse Rust-based malware. This study aims to bridge the research gap by exploring promising analysis strategies for Rust-based malware and providing information on the unique challenges posed by this emerging threat.

Director of Studies: Dr Benedict Gaster
Supervisors: Dr Nathan Renny and Professor Phil Legg

DPhil title: Federated learning: An analysis into the balance of machine learning and security.

An EPSRC-funded project under the EU CHISTER-ERA framework in collaboration with Universidad de Murcia, SIEMENS Mobility Limited, Austrian Institute of Technology. The project will develop solutions for privacy-preserving machine learning through secure management of data’s lifecycle in general distributed systems, with a focus on IoT and resource constrained networks that address two use cases: smart buildings and smart healthcare. (March 2024 – February 2027)

An Innovate UK-funded project under the KTP framework working with Service Robotics Limited, in collaboration with the School of Computing and Creative Technologies and the School of Social Sciences. The project will develop secure advanced AI enhancements to the GenieConnect robotic healthcare assistant developed by Service Robotics Limited to support proactive and preventative care models. (2025 – 2026)

A NCSC-funded project led by UWE Bristol in collaboration with Universities of Bristol, Exeter and Plymouth, to design and develop a range of novel and engaging teaching materials for cyber security education, including information risk card games, game-based learning techniques, raspberry pi and micro-bit activities, digital forensics cases, and wireless penetration testing. The project facilitated a series of regional workshops led by each partner University to engage with over 100 school teachers across the South West region, as well as showcasing the teaching activities at the NCSC UK Education Ecosystem conference. (2023 – 2024)

A DSTL-funded project in collaboration with Trimetis and Frazer Nash Consultancy that explores training capabilities for military cyber protect teams and how human and machine-based decision support systems can assist for analysing and acting to protect hostile cyber environments. (January 2023 -October 2023)

A DSTL-funded project in collaboration with Trimetis and Frazer Nash Consultancy that explores human reporting mechanisms for suspicious behaviour, and how human reporting can be processed and coupled with machine observable attributes, to provide proactive security for organisations. (January 2023 - October 2023)

A UKRI Innovate UK-funded project, in collaboration with Synalogik Innovations Ltd, as well as Cardiff University and the University of Reading, to explore improving both the production and analysis of the SARs process, resulting in more efficient capability to investigate and respond to cyber crime and financial crime activity. (September 2022 - March 2024)

A DSTL-funded project in collaboration with Trimetis, PA Consulting and QunetiQ. Within this project, we conducted a deep dive investigation into current and future considerations of how AI should be utilised in military, security, and defensive operations, including incident response and training activities. This project served as part of the ongoing "Autonomous Resilience in Cyber Defence" programme that DSTL operate. (2022)

CAVForth, funded by both UKRI Innovate UK and the Government Centre for Connected Autonomous Vehicles (CCAV), in collaboration with the Bristol Robotics Laboratory, Fusion Processing, and Stagecoach, developed a fully autonomous bus service in Scotland. The CSRC Cyber Security team contributed towards the cyber security assessment of this project, to ensure that safe and secure mechanisms are in place for vehicle operations. (2020-2022)