UWE Bristol | UWEcyber Research Blog

UWE Bristol researchers develop novel defence against adversarial machine learning attacks on Cyber Security Intrusion Detection Systems

Research, Business and Innovation | 5 January 20235 January 2023

As cyber attacks evolve in their sophistication, Intrusion Detection Systems (IDS) have often been seen as a way to mitigate threats on computer networks.

Yet, attackers continue to evade detection and cause disruption through the spread of malicious software and other common attack processes. There is a growing trend of being able to evade machine learning systems to conduct attacks, by effectively compromising the intended functionality of the machine learning system.

Recent work by Andrew McCarthy, a PhD student at UWE Bristol studying cyber security analytics, has been able to demonstrate both the feasibility of conducting such attacks against Intrusion Detection Systems, as well as proposing a novel approach to combat against the vulnerabilities that machine learning classifiers may exhibit.

Whilst the domain of adversarial machine learning often addresses computer vision systems, this cutting-edge research applies these concepts in cyber security, to understand what future threats may look like, and how best to develop Intrusion Detection Systems to avoid such vulnerabilities.

The results of Andrew’s recent PhD work have just been published in the high-ranking Journal of Information Systems and Applications (Elsevier). Andrew is in the final stages of completing his PhD study, working with Professor Phil Legg (Director of Studies) and supported by industry partner Techmodal through the UWE Partnership PhD scheme.

The full paper is available online.

Cyber Security in Connected Places: Attack Detection in RPL-based Internet of Things

Research, Business and Innovation | 12 September 202212 September 2022

By Sarfraz Brohi, Senior Lecturer Cyber Security

Connected places such as smart cities have enabled urban planners to improve citizens’ quality of life by collecting, storing, processing and analysing data. Internet of Things (IoT) is one of the driving technologies of connected places. It integrates different city functions such as parking systems, mobility services, waste management, healthcare and emergency services. Unfortunately, IoT has vulnerabilities that attackers could exploit due to the massive processing of sensitive data. Cyber security breaches in IoT-powered connected places could violate citizens’ privacy, endanger life and cause economic disaster.

IoT security encompasses a massive area of research with a wide array of open challenges. Dr Sarfraz Brohi (Senior Lecturer in Cyber Security at CSCT-UWE, Bristol) collaborated with the researchers from Taylor’s University, Malaysia (Dr Noor Zaman: Cluster head for cyber security research, Ms Fatima Zahra and Dr Navid Khan) and Taif University, Saudi Arabia (Dr Mehedi Masud and Dr Mohammed A. AlZain) to address crucial IoT-specific rank and wormhole attacks by creating a machine learning model.

The fundamental components of an IoT-enabled infrastructure usually include sensors, RFIDs, microcontrollers and digital devices. These components are low power and lossy due to their small size and simple architecture. Therefore, they use lightweight routing standards and protocols for data transmission. RPL is one such protocol used in IoT networks. RPL-based IoT networks are vulnerable to two types of attacks: WSN-inherited attacks and RPL-specific attacks. Rank and wormhole attacks are examples of high-impact attacks from these categories where attackers target the protocol and sensor network vulnerabilities to disrupt network functionalities and compromise resources.

F. Zahra, NZ. Jhanjhi, SN. Brohi, NA. Khan, M. Masud, and MA. AlZain, generated a dataset and developed a model for detecting RPL-specific and WSN-inherited attacks in RPL-based IoT: LIoTN-RPL dataset and MC-MLGBM model. The LIoTN-RPL data pool consists of network traffic data extracted from various network models. These network models have been designed considering three scenarios – one benign and two attack scenarios – and simulated based on the number of IoT nodes and state of nodes. The MC-MLGBM classifies three target classes and addresses two attacks. In this research, they have used accuracy, precision and recall to evaluate the proposed model. To avoid accuracy bias, they have also used cross entropy, Cohen’s Kappa, and MCC as performance evaluation metrics. The existing models usually focus on one category of attacks. The proposed model provides a conceptual framework for aggregately addressing both in RPL-based IoT networks.

The results of this research are discussed in the paper “Rank and Wormhole Attack Detection Model for RPL-based Internet of Things using Machine Learning”, published in the MDPI Sensors special issue on Advances in IoT Privacy, Security and Applications. Authors have reviewed recent methodologies for addressing security issues in IoT and techniques used to detect the attacks. Furthermore, they have analysed the data collection methods in the research domain. This research observed the scarcity of publicly available RPL attack datasets and the prevalence of self-generated datasets using simulators like Cooja. The future direction of this research focuses on more experiments by designing and simulating other RPL-specific and WSN-inherited attack models. LIoTN-RPL will be released as an open-source dataset to the research community to facilitate the development of ML models for attack detection in RPL-based IoT networks.

Read the full article.

UWE Bristol hosts one of region’s largest cyber security events to attract future talent

Research, Business and Innovation | 6 July 20226 July 2022

Last month UWE Bristol hosted the Unlock Cyber Taster Day at Frenchay campus, which was attended by over 300 young people.

Students aged 12 to 14 participated in hands-on activities including manipulating a Scalextric track to improve the performance of model racing cars.

The event was run by Unlock Cyber, an employer-led initiative established by UWE Bristol to build a community of young cyber security enthusiasts with the right skills to follow a career into the sector.

Industry and cyber representatives from across the West of England region attended the event yesterday in the School of Engineering building to deliver the cyber activities for schoolchildren.

UWE Bristol Cyber Schools Outreach Manager Elaine Brown, who manages the Unlock Cyber project, said: “Young people often think that employers need you to have a lot of technical expertise when in fact this is not the case. They are looking for applicants with good communication skills and enquiring minds, who enjoy problem solving and can work under pressure. We’re trying to engage with and excite more young people, especially girls, who probably think cyber is not for them, to ensure that cyber is more diverse and inclusive. Our biggest challenge moving forwards is how we can cope with the level of demand from schools.”

Kevin Milwood, Cyber Risk Manager from Hargreaves Lansdown, said: “Unlock Cyber stands for what I believe in – giving young people the opportunity to learn about careers in cyber. It’s such an important area for business and I’m passionate about doing what I can in the local area to develop the UK’s skills supply chain to meet the ever-increasing demand for cyber experts. The national curriculum is currently quite limited, so it’s great that Hargreaves Lansdown can get involved with a programme like this that lets us share our expertise.”

Ben Waring, HR and Resourcing Advisor at Leonardo Cyber Security Division in Bristol, said: “Cyber threats are a reality for all of us, so we want to respond to these long-term threats in a positive manner by generating future career opportunities for young people. For the Unlock Cyber taster day, our apprentices have designed a Cyber Crime scene, testing the students’ knowledge of how cyber criminals might target them and use any available information against them. This activity also helps students think about how they can better protect themselves and their family from cyber crime.”

UWE Bristol has worked with the National Cyber Security Centre (NCSC) and regional partners to develop the Unlock Cyber programme. The university has been recognised by NCSC for its excellence in cyber security education, across its outreach activities through Unlock Cyber, its taught programme at UWE Bristol, and its work across the region and the wider UK to improve cyber security education.