黑料网

Digital Future Institute / Cyber Technology Innovations

Cyber Technology Innovations

Working to provide a safe, secure, resilient and adaptable digital landscape, our research empowers businesses to combat the growing threat of Cyberattacks.

Work in Cyber Technology Innovations (CTI) addresses fundamental challenges in socio-technical and formal methods, developing cutting-edge solutions that integrate human and technical approaches to Cybersecurity. By leading the national dialogue in cyber skills training and through innovation and expertise, we help shape the future and secure the digital world.

Areas of Expertise

The CTI is a collaborative research hub which focuses on the development of knowledge and technologies to ensure a smart, safe and secure cyberspace.

It brings together the expertise of three research groups: the Cyber Security Centre (CSC); the Software Technology Research Laboratory (STRL) and the Context Intelligence and Interaction Research Group (CIIRG).

Cyber Security Centre (CSC)

The CSC has a proven track record of delivering research with significant impact for industry – for example, through its specialisation in Industrial Control Systems, it has been recognised as an Airbus Centre for Excellence in SCADA cyber security and forensics.

The CSC’s research incorporates areas such as privacy, cryptography, intrusion/anomaly detection and malware mitigation, software and application security, hardware security, digital forensics and human factors of security.

Funding has successfully been secured from publicly funded research bodies and commercial contracts to advance the creation of safe, smart, secure technologies both individually and as members of national/international consortia. For shorter term projects we also offer a range of consultancy services by research active members of staff.

For more information about CSC, please contact Dr Richard Smith, Associate Professor of Cyber Security at rgs@dmu.ac.uk

Software Technology Research Laboratory (STRL)

The STRL has a long history of developing and delivering high quality research and teaching in the field of software engineering. With high levels of expertise in the development of provably correct computer systems methods and tools, the STRL is dedicated to delivering research that has a positive impact on the real world.

STRL consists of four key research themes:

  • Provably correct systems
  • Theory and computational paradigms;
  • Requirement and knowledge engineering;
  • Semantic web and service-orientated computing;

Work undertaken by the STRL aims to study, analyse and advance formal approaches to the specification, design and the evolution of computing systems, with emphasis being placed on those that are used in critical applications.

For more information about STRL, please contact Dr Francois Siewe, Reader in Computer Science at fsiewe@dmu.ac.uk

Context Intelligence and Interaction Research Group (CIIRG)

CIIRG undertakes interdisciplinary research through integration, synergy and innovation to address diverse problems closely related to the society and economy. These include, for example, enabling personalised healthcare systems to cope with demographic change, or engineering resilient and sustainable cyber physical smart infrastructure, or supporting smart transport and efficient energy for future smart cities, which all involve to build and analyse complex smart systems comprising sensing devices, interacting agents, including people and other organisms, embedded systems, robots and autonomous software agents within open, pervasive environments.

CIIRG is centred on the following three broad research themes:

  • Context modelling and inference, context-aware systems, activity modelling and recognition, computational behaviour analysis, pattern recognition.
  • Cognitive modelling (speech acts), semantic /knowledge based intelligent processing, autonomy and learning, e.g. agents and robots, data analytics, emergent intelligence.
  • Multi-modal human machine interactions (e.g. touch screen, gesture, speech), personalisation, adaptation, user-centred design

For more information about CIIRG, please contact Dr Feng Chen, Senior Lecturer at fengchen@dmu.ac.uk

Research projects

Below are some examples of projects currently running at the CTI. For a full list please feel free to contact us via may.docherty@dmu.ac.uk or contact the relevant academic directly.

Protecting Medical Data: A Novel AI-Driven E-Healthcare Solution using Post-Quantum Lightweight Cryptography

Mujeeb Rehman, Muhammad Kazim, Richard Smith

The TeleHealth-CyberShield aims to address the escalating issue of cybercrime in the healthcare industry. With the increasing reliance on the internet, the UK experienced a substantial escalation in cybercrime activities during the past few years. A significant portion of the estimated cost of cybercrimes has been attributed to the National Health Service (NHS) and healthcare services attacks. TeleHealth-CyberShield leverages cutting-edge technologies to protect medical data from a large number of cyberattacks. Our product will be cost-effective and efficient in terms of data security and will be easily integrated with existing e-healthcare systems, providing enhanced cyber resilience through a post-quantum solution.

PhillitedPhish

Trevor Wood, Iryna Yevseyeva, Eerke Boiten, Vitor Bastor-Fernandes

It is estimated that cyber-attacks cost UK businesses £37bn per year, most of whichends up in the hands of organised crime. It is also estimated that around 90% ofthese attacks start with a phishing email.Many phishing emails have been relatively easy to spot in the past as they containpoor spelling, grammar, and sentence structure. However, with generative AI nowbeing more accessible, it is easier to make phishing emails more realistic andremove these obvious markers. Moreover, these phishing emails are designed tobypass spam filters without being detected.Philleted Phish will detect phishing emails, whether they attempt to trick victims intovisiting a phishing website or perform some other action, such as transferring moneyto the attacker's bank account or providing information useful to a larger socialengineering attack. Unlike current phishing email detection software, it can be usedby domestic users, micro-businesses, and SMEs without requiring expensive andspecialised hardware.

Towards Security Assurance For Cyber Physical Systems - RITICS Fellowship

Ashraf Tantavy

Existing cyber physical systems are rarely tested during runtime due to potential testing impact on system operation. Short periods of planned system shutdowns, taking place over extended periods of time (typically 2-3 years in the process control industry), cannot be used for security testing because either the control system would be powered off, or there would be planned upgrade activities that could conflict with testing. The end result is that security mechanisms are deployed without an accurate assessment of their effectiveness. The fellowship scope is to Develop a roadmap for technologies, solutions, and processes to enable runtime security assurance for cyber physical systems

Example Projects

ACROSSING: Advanced Technologies and Platform for Smarter Assisted Living

Liming Chen, Feng Chen

EU Horizon2020, 10 beneficiaries, €3.88M (黑料网 share €980K). 01/2016-12/2019

ACROSSING is an EU Horizon2020 Marie Sk艂odowska-Curie European Training Network, led by the CIIR research group at 黑料网, in which 15 research projects will address the drastic demographic change and its impact on our society and economy. It will carry out inter/multi-disciplinary, cross-sector research to develop flexible, interoperable underlying technologies which are then applied to and evaluated in multiple real application scenarios, leading to specialized technology infrastructures and best-practice application demonstrators. In addition, the project will train young researchers to become future research leaders with strong academic-related competences, forward-thinking visions, wider perspectives, innovation mind set and extensive research networks.

Eerke Boiten, Edward Cartwright, Lee Hadlington, Fenia Ferra

EPSRC, £900K across 6 sites: 黑料网 (lead), Leeds, Kent, Newcastle, Coventry, City; 2017-2019

Ransomware is a significant cybercrime threat that is showing the potential to be exploited at scale and at high profit by organised crime. The EMPHASIS project is funded by EPSRC under the Human Dimensions of Cyber Security call, and part of the . It studies the problem of ransomware from the perspectives of many disciplines: computer science, psychology, economics, law, and criminology. It aims to achieve an understanding of the crime in a technological and business sense, the victims, the perpetrators, and consequently ways to mitigate it through technical, policy, public information, and law enforcement methods.

Air4ICS: Agile Incident Response For Industrial Control Systems

Helge Janicke, Richard Smith, Ying He

NCSC/RITICS, £250K plus £160K in-kind from industrial partners, 2019-2020

The aim of this research is to establish and evaluate how agile methods and techniques will be integrated into traditionally incident response processes to yield a value-focused and dynamic approach that embeds incident response in the overall business. The research will take into account changing risks and impacts during the course of an attack and maximise business utility by deriving value directly from the business processes the ICS is supporting. The main objective is to deliver an Agile Incident Response framework (AIR4ICS) that is tailored to the particular challenges of ICS to address the cyber physical nature and impacts of Incident Response.

ACTIVE: Adaptive Cyber Threat Intelligence for Security Investment Optimisation

Ying He, Iryna Yevseyeva, Helge Janicke, Eerke Boiten

InnovateUK, ~£100K, 2018-2019

Due to GDPR, all organisations have to invest into security. There are lots of security defence solutions available in the market, but how much to invest and how to distribute investment and into which resources? This InnovateUK project leading to the establishment of a product and company, ACTIVE, provides an adaptive cyber threat intelligence solution to help decision makers/CISOs to optimise security investment and resource utilisation. The product offers as its unique feature the visualization of security investment in real time and a reporting dashboard, allowing CISOs to produce reports to justify security cost. By making the security investment transparent, this product will benefit both security critical businesses, especially those dealing with critical national infrastructure (CNI), and cyber liability insurance companies.

PryMe, a Universal Framework to Measure the Strength of Privacy-enhancing Technologies

Isabel Wagner and Yuchen Zhao

EPSRC, £90K, 2017-2018

Privacy metrics are used to show how effective new privacy-enhancing technologies are, i.e. to what extent they are able to protect privacy, by measuring the amount of privacy the technologies provide. Even though many privacy metrics have been proposed, there are many studies showing their shortcomings in terms of consistency, reproducibility, and applicability in different application domains. This is an important issue because use of a weak privacy metric can lead to real-world privacy violations if the privacy metric overestimates the amount of privacy provided by a technology.

This project investigates privacy metrics for several application domains, including genomics, vehicular networks, smart metering, social network, and data publishing.

Investigative interviewing of cybercrime victims to gain best evidence

Eerke Boiten, Fenia Ferra, Dave Walsh

Home Office/, £70K, 2019

The project sets out to study and improve techniques for interviewing of cybercrime victims, by answering the following questions:

  • How can police interactions with cybercrime victims improve and encourage their reporting of crimes?

  • How do law enforcement undertake investigative interviews with cybercrime victims? How can such interviews be improved? What training is required?

  • What are the characteristics of cybercrime victims that might positively or negatively affect their recall? How does this differ across a range of cybercrime offences?

FLOURISH: Empowerment through Trusted Secure Mobility

Francisco Aparicio Navarro, Leandros Maglaras, Helge Janicke, Eerke Boiten, Dimitris Kosmanos

InnovateUK/Airbus, 2018-2019

FLOURISH is a multi-sector collaboration, helping to advance the successful implementation of Connected and Autonomous Vehicles (CAVs) in the UK, by developing services and capabilities that link user needs and system requirements. This project seeks to develop products and services that maximise the benefits of CAVs for users and transport authorities. FLOURISH will address vulnerabilities in the technology powering CAVs, with a focus on the critical areas of cyber security and wireless communications. The Cyber Technology Institute is involved in Work Package (WP) 5.6: Anomaly detection. The purpose of this WP is to design and develop an operational AI based anomaly detection system.

Privacy Protection Research for IoT enabled Smart Healthcare Systems

Liming Chen, Raouf Hamzaoui

China NSF and UK Newton Fund, Royal Society International exchange programme, £24K, 04/2018 – 03/2020

This project investigates the nature, characteristics, computational models and algorithms for representing, measuring and assessing privacy, and how privacy-aware / privacy-friendly healthcare systems can be supported so people need not to worry about their personal or behavioural or medical information being leaked or stolen. The outcomes is expected to significantly improve the maturity and acceptability of smart healthcare technologies and systems, thus leading to improved quality of life for the ageing population. The project is undertaken jointly by combining relevant research expertise and results generated from a funded China NSFC project and the funded EU Horizon 2020 MSCA ACROSSING project.

Publications

Below are some examples of CTI publications from recent years. For a complete list, please contact us.

2023

  • Ahmed, A.A., Al-Bayatti, A., Saif, M., Jabbar, W.A. and Rassem, T.H. (2023) A Honeybee-Inspired Framework for a Smart City Free of Internet Scams. Sensors, 23, (9), 4284

  • Alsalemi, A., Amira, A., Malemohamadi, H. and Diao, K. (2023) Novel domestic building energy consumption dataset: 1D time series and 2D Gramian Angular Fields representation. Data in Brief, 17, 108985

  • Angafor, G.N., Yevseyeva, I. and Maglaras, L. (2023) Scenario-Based Incident Response Training: Lessons Learnt from Conducting an Experiential Learning Virtual Incident Response Tabletop Exercise. Information and Computer Security

  • Bashendy, M., Tantawy, A. and Erradi, A. (2023) Intrusion Response Systems for Cyber-Physical Systems: A Comprehensive Survey. Computers & Security,124, 102984

  • Galli, T., Chiclana, F., Siewe, F. (2023) Practical Consequences of Quality Views in Assessing Software Quality. Axioms, 12 (6), 529

  • Jaleel, M., Kucukler, O. F., Alsalemi, A., Amira, A., Malekmohamadi, H. and Diao, K. (2023) Analyzing Gas Data Using Deep Learning and 2-D Gramian Angular Fields. IEEE Sensors Journal, 23 (6), pp. 6109-6116

  • K. A. Dhanya, P. Vinod, Yerima, S. Y., Bashar, A., David, A., T. Abhiram, Antony, A., Shavanas, A. K. and Kumar, G. (2023) Obfuscated Malware Detection in IoT Android Applications Using Markov Images and CNN. IEEE Systems Journal, 17 (2), pp. 2756 – 2766

  • Wang, D., Chen, L., Lu, X., Dufaux, F., Li, W. and Zhu, C. (2023) FAST LEARNING-BASED SPLIT TYPE PREDICTION ALGORITHM FOR VVC. IEEE International Conference on Image Processing (ICIP

  • Yerima, S. Y. (2023) High Accuracy Detection of Mobile Malware Using Machine Learning. Electronics, 12 (6), 1408

  • Zarrabi, F., Wagner, I. and Boiten, E. (2023) Changes in Conducting Data Protection Risk Assessment and After GDPR implementation. arXiv preprint arXiv:2304.11876.

2022

  • Al Islam, M., Fung, C.J., Tantawy, A. and Abdelwahed, S. (2022) A Game-Theoretic Model for DDoS Mitigation Strategies with Cloud Services. In: NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, IEEE

  • AlMarshoud, M. S., Al-Bayatti, A.H. and Kiraz, M.S. (2022) Location Privacy in VANETs: Provably Secure Anonymous Key Exchange Protocol Based on Self-Blindable Signatures. Vehicular Communications, 36, 100490

  • Alsalemi, A., Amira, A., Malekmohamadi, H. and Diao. K. (2022) Lightweight Gramian Angular Field Classification for Edge Internet of Energy Applications. Cluster Computing

  • Alsalemi, A., Amira, A., Malekmohamadi,, H., Diao, K., Bensaali, F. (2022) Edge Deep Learning for Smart Energy Applications. In: Verma, A., Verma, P., Farhaoui, Y., Lv, Z. (Eds.) Emerging Real-World Applications of Internet of Things, Boca Raton: CRC Press

  • Arenas, M.P., Bingol, M.A., Demirci, H., Fotiadis, G. and Lenzini, G. (2022) A Secure Authentication Protocol for Cholesteric Spherical Reflectors using Homomorphic Encryption. In: Batina, L., Daemen, J. (Eds.) Progress in Cryptology - AFRICACRYPT 2022. Lecture Notes in Computer Science, Cham: Springer, 13503. pp. 425–447

  • BinJubier, M., Ismail, M.A., Ahmed, A.A. and Sadiq, A.S. (2022) Slicing-based enhanced method for privacy-preserving in publishing big data. Computers, Materials and Continua

  • Colreavy-Donelly, S., Ryan, A., O’Connor, S., Caraffini, F., Kuhn, S. and Hasshu, S. (2022) A Proposed VR Platform for Supporting Blended Learning Post COVID-19. Education Sciences, 12 (7), 435

  • Dhafer, A.H., Mat Nor, F., Alkawsi, G., Al-Othmani, A.Z., Ridzwan Shah, N., Alshanbari, H.M., Bin Khairi, K.F. and Baashar, Y. (2022) Empirical Analysis for Stock Price Prediction Using NARX Model with Exogenous Technical Indicators. Computational Intelligence and Neuroscience, Special issue: Artificial Intelligence and Machine Learning-Driven Decision-Making, 2022, 9208640, pp.1–13.

  • Edwards, J., Aparicio-Navarro, F.J., Maglaras, L. and Douligeris, C. (2022) FFDA: A novel Four-Factor Distributed Authentication mechanism. IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece, August.

  • Golabi, A., Erradi, A., Tantawy, A. and Shaban, K. (2023) Detecting deception attacks in cyber鈥恜hysical linear parameter varying systems with packet loss. International Journal of Adaptive Control and Signal Processing, 37, (3) pp. 726-749

  • Kemp, R., & Smith, R. (2022). Combining Security and Safety Risk Management in Critical Infrastructure. Journal of Network & Information Security, 10(1).

  • Loft, P., He, Y., Yevseyeva, I. and Wagner, I. (2022) CAESAR8: An agile enterprise architecture approach to managing information security risks. Computers & Security, 122, 102877

  • Tantawy, A., Abdelwahed, S. and Erradi, A., (2022) Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber-Physical Systems. IEEE Transactions on Reliability, 71 (2), pp. 1075-1091

  • Yerima, S.Y. and Bashar, A. (2022) A Novel Android Botnet Detection System Using Image-Based and Manifest File Features. Electronics. 11 (3). 486

2021

  • Al-Marshoud, M.S., Al-Bayatti, A.H., Kiraz, M.S. (2021) Improved Chaff-Based CMIX for Solving Location Privacy Issues in VANETs. Electronics. 10 (11), 1302

  • Al-Shujaa, A., Nabi, M., Al-Maatouk, Q., Al-Othmani, A. Z., and Rahman, N. (2021) A Fingerprint Authentication for Android-Based Healthcare Appointment Scheduling System. International Journal of Current Research and Review, 13 (12), pp. 118–122

  • Bicer, O., Bingol, M.A., Kiraz, M., Levi, A. (2020). Highly Efficient and Re-executable Private Function Evaluation with Linear Complexity. IEEE Transactions on Dependable and Secure Computing, 19 (2), pp. 835-847

  • Galli, T.; Chiclana, F.; Siewe, F. (2021) Genetic Algorithm-Based Fuzzy Inference System for Describing Execution Tracing Quality. Mathematics, 9, 2822

  • Mohammed, K., Ayesh, A., Boiten, E. (2021) Complementing Privacy and Utility Trade-Off with Self-Organising Maps. Cryptography, 5(3), 20.

  • O’Connor, S., Hasshu, S., Bielby, J., Colreavy-Donnelly, S., Kuhn, S., Caraffini, F., Smith, R. (2021) SCIPS: A Serious Game Using A Guidance Mechanic To Scaffold Effective Training For Cyber Security. Information Sciences, 580, pp. 524-540

  • Obermaier, C., Riebl, R., Al-Bayatti, A.H., Khan, S., Facchi, C. (2021) Measuring the Realtime Capability of Parallel-Discrete-Event-Simulations. Electronics, 10, 636

  • Reisinger, T., Wagner, I. and Boiten, E.A. (2021) Security and Privacy in Unified Communication. ACM Computing Survey, 55 (3), 55

  • Smith, R., Janicke, H., He, Y., Ferra, F., & Albakri, A. (2021). The agile incident response for industrial control systems (AIR4ICS) framework. Computers & Security, 109, 102398.

  • Tariq, U. U., Ali, H., Liu, L., Hardy, J., Kazim, M. and Ahmed, W. (2021) Energy-Aware Scheduling of Streaming Applications on Edge-Devices in IoT-Based He