Skip to main content

We are a leading UK academic research unit for cyber security analytics, focused on the interpretation and effective communication of applied data science and artificial intelligence methods through interdisciplinary insights into cyber risk, threat intelligence, attack detection and situational awareness. Our expertise draws from computer science, data science, criminology and international relations, and our status is evidenced by publications in world leading journals and conferences, a strong PhD track record and an historic grant income of approx. £7.8m – with over £4m already secured to sustain research within the centre between 2017 and 2021.

We work across industry, academia and government to provide a focus for cybersecurity analytics in the UK. As the first centre of its kind in Europe, we aim to strategically position the UK as a leader in cybersecurity analytics. We are known as a go-to place for data-science and AI insights on cyber threats – especially in support of the AI sector deal in the UK industrial strategy and the National Cyber Security Centre’s focus on Active Cyber Defence.

As an example of our impact, in the last 18 months we have: translated new methods and tools for real-time dynamic risk modelling into an Airbus spin out, which is now protecting critical national infrastructure; integrated our world class research on malware classification based on behavioural DNA profiling of machine activity using AI into Airbus’ Security Operations Centre (SOC); and provided written and oral evidence on the cyber threats associated with online social networks to a Home Affairs Select Committee in Westminster.

We are addressing emerging challenges to cybersecurity by combining:

  • computational and mathematical methods, drawing on our technical expertise in machine learning, artificial intelligence and big data analytics
  • criminological expertise in cyber crime
  • international relations expertise in communication and governance

Our collaboration with Airbus covers areas of mutual interest to the Cyber Operations Team at Airbus and Cardiff University, including data science, big data analytics, machine learning and artificial intelligence. A significant focus of our work is in the interpretation and effective communication of automated algorithmic data analytics to support decision making and policy surrounding cybersecurity issues of national importance.

Participation in the collaborative program is not limited by the organisational affiliation of scientists and will be determined by individuals' ability to contribute to the mutual objectives of the participating organisations.

Research

    Our research is underpinned by five core research themes:

    • Risk assessment and modelling – developing novel methods to formalise processes within critical infrastructures and developing new risk modelling notation that has transformed the way risk is captured. We hold a research grant worth £760k between 2017-20 to further advance the integration of cyber analytics with real-time risk assessment and modelling
    • Risk communication, governance and collective decision making – using threat intelligence and good practice – being able to make effective decisions based on information available is crucial in an ever evolving cyber threat landscape. This includes detecting and preventing mass marketing fraud. The theme also includes research on communication and international relations, including the Centre for Internet & Global Politics (CIGP), contributing to the global Internet policy debate.
    • Data-driven human and software behavioural analytics and threat intelligence – Our expertise in data science, machine learning and statistical analysis is being applied to ground-breaking research in intrusion detection via the complex analysis of software behaviours (e.g. machine learning for intrusion detection via software behaviours).
    • Motivations, dynamics and social factors of cyber crimes  – supporting theoretical data mining and explanatory social process modelling. This theme includes cyber fraud and motivations, and the social factors influencing behaviours and communication following cyber attacks.  We study the social factors associated with increased social insecurity and cyber attacks via the medium of online social networks.
    • Security and Privacy of Emerging Technologies (e.g. cloud, mobile devices and Internet of Things) – horizon scanning and forecasting the threats of the future using AI. In a fast-changing technological landscape it is essential to horizon scan and forecast the latest trends in cyber risk associated with the uptake of new technologies. We research Cloud technologies and the threat vectors associated with storing data in Cloud environments and service-level agreements. Cardiff University is an active partner in the EPSRC PETRAS national hub for Internet of Things (IoT), within which we study the emerging attack vectors and exploitation threats on IoT in an industrial control system context.

These five themes are interdependent and our interdisciplinary approach has led to publications in world-leading conferences and journals.

In addition to core academic aims around publication of world leading research and developing cutting edge taught programmes, as well as sustaining the centre with targeted applications for research funding and internal growth, we have identified three ‘grand challenges’ to focus on over the next five years:

  1. Security Operations and Situational Awareness – the use of applied data science and AI, combined with expertise in criminology and international relations, to better utilise and interpret the vast volumes of data being produced on a daily basis for prediction and management of emerging cyber threats. This includes better visualization and communication of threats between interconnected and interdependent people and processes. Without this, the UK and rest of the world will struggle to make sense of rapidly evolving attack vectors, motivations and systems at risk.
  2. Future of Secure Manufacturing – as industrial systems begin to engage with real-time monitoring and ‘Factory 4.0’, data will play a crucial role in better understanding threats to manufacturing systems. For instance, how will the Internet of Things (IoT) and Cloud be integrated into these traditionally ‘air gapped’ spaces? Will IT and OT end up being a single system instead of the perceived isolated sub networks they currently are? We aim to transform the future of manufacturing using data-driven technologies while retaining security via the integration of our research on automatic monitoring and control in safety critical systems.
  3. Governing Online Social Spaces – the Internet and Social Web have provided a massively interconnected world, which has its benefits but is already a core ecosystem for launching cyber attacks. Do we have to accept these spaces are not governable given the international reach? We aim to better understand the routine interactions in cyber space to allow us to use data to model and observe cause and effect in cyber attacks in an era of international political unrest.

Projects

Research council funding

We have been successful in attracting external cybersecurity research funding amounting to more than £7.5m. Funding has been awarded from RCUK (e.g. EPSRC, ESRC), Industry and Government. Selected grant details are listed below:

New Industrial Systems: Chatty Factories

  • Institutional PI Burnap
  • 2017-2020
  • £1.8m EPSRC

EPSRC PETRAS Research Hub, Cyber Security of the Internet of Things – Identifying Attack Vectors for Network Intrusion via IoT devices & Developing a Goal-Oriented Approach to Determining Impact Across Threat Surfaces (IoT Depends)

  • Institutional PI Burnap with Theodorakpolous, Rana and Renicke at Cardiff
  • 2017-2019
  • £136k EPSRC

SCADA Cyber Security Lifecycle 2 (SCADA-CSL 2)

  • Institutional PI Burnap with Cherdantseva and Theodorakpolous at Cardiff
  • 2017-2020
  • £760k – Endeavr Wales

Social Data Science Lab: Methods and Infrastructure Development for Open Data Analytics in Social Research

  • Institutional PI Burnap with Williams and Rana at Cardiff
  • 2017-2020
  • £450k – ESRC

Identifying and Modelling Victim, Business, Regulatory and Malware Behaviours in a Changing Cyberthreat Landscape

  • Institutional PI Rana with Burnap, Williams and Levi at Cardiff
  • 2013-2016
  • £1.1m – EPSRC

SCADA Cyber Security Lifecycle (SCADA-CSL)

  • Institutional PI Burnap with Rana and Cherdantseva at Cardiff
  • 2014-2017
  • £1.2m

Cybercrime Reduction Partnership Mapping Study

  • Institutional PI Williams with Levi at Cardiff
  • 2012-2013
  • £74k – Nominet Trust

Detecting and Preventing Mass-Marketing Fraud (DAPM)

  • Institutional PI Levi
  • 2016-2019
  • £845k – EPSRC

Privacy Protection in Event-Based Data Sharing and Analysis

  • Institutional PI Shao
  • 2011-2016
  • £515k – Royal Academy of Engineering Fellowship

Cyber-related economic crime and implications for policing approaches

  • Institutional PI Levi with Williams at Cardiff
  • 2016
  • £25k – City of London Corporation

Fear of Cybercrime and its Cybersecurity Consequences

  • Institutional PI Williams with Levi at Cardiff
  • 2015-2016
  • £25k – Home Office

Meet the team

Centre director

Academic staff

Postgraduate students

Publications

Partners

This research is made possible through our close partnership with:

Next steps

academic-school

Research that matters

Our research makes a difference to people’s lives as we work across disciplines to tackle major challenges facing society, the economy and our environment.

microchip

Postgraduate research

Our research degrees give the opportunity to investigate a specific topic in depth among field-leading researchers.

icon-chat

Our research impact

Our research case studies highlight some of the areas where we deliver positive research impact.