World Leading Research and Innovation

Our world leading researchers are making advances in complex real-time risk modelling, human decision making, AI-driven automated cyber defence, and AI safety. Cardiff University is one of only 19 ACE-CSRs in the UK, and the first and only ACE-CSR in Wales. Home to 17 academics and more than 40 researchers from across computer science, psychology, criminology and law.

Get in touch to find out more about our research capabilities

Centre for Cyber Security Research

For more than a decade Cardiff University has been at the forefront of cybersecurity research earning a world-leading reputation for our expertise. The University was named as an Academic Centre of Excellence in Cyber Security Research by the UK’s National Cyber Security Centre (NCSC) in 2018.

We are proud to be the first institution in Wales given this status as we continue to build on the impressive expertise that already exists across the region between academia, government and business.

Our research-intensive, impact-driven ethos is fundamental to our success in this area, and as a Centre of Excellence allows us to nurture more young talent and foster a pipeline of the next generation of cyber security professionals.

Get in touch to find out more

Grand Challenges

Automated cyber defence

The use of data science and AI methods, combined with expertise in criminology, psychology and international relations, to better utilise and interpret the vast volumes of data being produced on a daily basis for prediction and real-time automated responses to emerging cyber threats. This includes robustness testing of AI algorithms, and better visualisation and explainability of AI algorithmic decisions.

Future of secure manufacturing

We aim to transform the future of manufacturing using data-driven technologies while retaining security via the integration of our research on automatic monitoring and control in safety critical systems. Our team are leading the safety critical systems theme in the National Centre of Excellence for the Internet of Things Cybersecurity (PETRAS).

Governing online harms

The Internet and Web are core ecosystems for launching cyber attacks. Do we have to accept they are not governable given their international reach? We aim to better understand the routine interactions in cyber space to allow us to use data to model and observe cause and effect in cyber attacks in an era of international political unrest.

Thematic areas

Cybercrime costs the world almost £460bn a year with businesses worldwide incurring increasing losses as a direct result of cyber attacks. The work we carry out at the Centre for Cyber Security Research (CCSR) focuses on the interdisciplinary fusion of artificial intelligence and cybersecurity, a concept we call Cyber Security Analytics.

We developed the first machine learning models to predict cyber attacks on online social networks such as Twitter, and desktop PCs you would see in every home and office. This has allowed us to make in-roads into proactively blocking and preventing attacks, rather than reacting and repairing at a later date.

Our cutting-edge research and expertise in this area has also led to our partnership with Airbus – the European aerospace corporation – to develop new ways of detecting cyber attacks using Artificial Intelligence. This partnership has been awarded funding to enhance the adoption of automated detection and response capabilities by finding and testing new ways to ‘explain’ how the AI has decided there is a malicious presence on the network to security operations experts.

Our leading research on securing AI has led to new knowledge on testing the resilience and attack susceptibility of AI- powered defence systems, by providing an understanding of the limitations of current AI-deployed implementations and informing security by design considerations. Part of this work has been funded by the Alan Turing Institute.

With increasing take up of externally provisioned and managed services (from government, finance, entertainment), often hosted over Cloud computing infrastructure, there is a realisation that on-line electronic services can involve an interlinked range of providers. However, from a user’s perspective, trust in the use of these services remains limited. Although billions of people use smartphones and the Internet now, many still do not use that connectivity for shopping, banking, and other important transactions due to limited trust in on-line providers.

The ongoing EPSRC-funded project PACE: Privacy Aware Cloud Ecosystems, addresses security and privacy requirements of environments where multiple Cloud computing providers need to work collaboratively to offer services to a user. Users of these services only interact with a Web interface rather than the larger, distributed service ecosystem, and are often unfamiliar with the “ecosystem” of providers that are involved in offering them a particular capability. Their visibility beyond the first service provider is often missing, requiring them to “trust” the provider in handling and managing their data.

We propose a mobile software “container”-based solution that will ensure that all provider accesses to user data are securely logged in a Blockchain. This will improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers.

Our industrial partners in this research are Airbus, FlexiOPS Limited, Muckle LLP Solicitor, Simudyne Limited and T-Systems North America Inc, and our academic partnerships are with Newcastle University and UCL.

Over the years, organised crime has become a significant threat to societies around the world. International organised hacker groups that are skilled  in developing hacking tools have cost financial services over €1bn across 40 countries by carrying out cyber enabled attacks such as ransomware, distributed denial of service attacks, payment card fraud, etc. To stop or reduce the harm from these organisations, government and law enforcement agencies worldwide seek ways to disrupt criminal groups effectively, preferably at an early stage.

Our work on Cyber in Organised Crime focuses on modern slavery, the sale of illicit drugs, the propagation of malware and money laundering, including ‘money muling’. The research on malware propagation focuses on the spread of malware via social media platforms.

It aims to identify malware that are produced by an organised entity and to differentiate them from those which are the result of a single individual. Perhaps more importantly, we examine the impact of different strategies aimed at disrupting the diffusion of malware on social network platforms such as Twitter.

Our solutions can support law enforcement authorities, policy makers, private and third sector organisations to respond more effectively to organised crime, as we provide tested strategies to disrupt criminal organisations resorting to online technologies and to reduce harm to vulnerable people.

Our team works with private and public sector bodies, including fraud prevention organisation CIFAS, professional services firm Deloitte, South Wales Police and the Crown Prosecution Service (CPS).

Cyber-physical systems in Critical National Infrastructure, in industrial settings, and in the home environment are increasingly being attacked by state actors and international cyber-criminals. The key characteristic of these systems is that they interact with the physical world. Successful attacks cause serious harm, including loss of human life and severe economic damage to entire supply chains.

At the Centre for Cyber Security Research (CCSR) we are developing methods for securing cyber- physical systems by detecting attacks, identifying risks, and predicting their potential impact.

We have a particular focus on Industrial Control Systems – detecting indicators of compromise and mitigating the impact of attacks through cyber incident response and lightweight security solutions. We have conducted extensive research into risk assessment in cyber-physical systems.

We have translated our research on monitoring physical symptoms into a commercial solution supported by an Innovate UK start-up grant, while our work has also received funding support for securing smart grid systems.

Our collaborations with Airbus and Thales’ National Digital Exploitation Centre (NDEC) brings our expertise to the real world.

Understanding the nature of human behaviour is a key way in which challenges to cyber security can be addressed in order to suggest ways of safeguarding individuals, companies and institutions.

The Human Factors Excellence (HuFEx) Research Group Defence and Security theme has a key focus on Cyberpsychology as does the Human-centred Technologies and Society theme of the Cardiff University Centre for AI, Robotics and Human-Machine Systems (IROHMS).

With more than £1m cyberpsychology-related funding over the past two years from the likes of Airbus, CREST, Endeavr Wales, ESRC and NCSC, our research includes systematic studies investigating human susceptibility to cyber-attack techniques. Our work focuses on the development of methods to combat this significant national and international threat.

In addition to research at Cardiff University, HuFEx Director and IROHMS Director of Research Professor Phil Morgan is currently leading a new Airbus Accelerator in Human-Centric Cyber Security in a bid to better understand human cyber strengths, vulnerabilities, and methods of securely interacting with digital systems within organisations. Findings and initiatives are being developed and tested and will be rolled out across Airbus through existing training and awareness schemes, and also shared with partners in an attempt to drive a step change in thinking for the cyber security community.

There are clear advantages to living in a world in which the collection and storage of data is so prevalent, such as using the information to improve existing services or create entirely new ones via Deep Learning, Machine Learning and AI techniques.

However, there are also clear downsides when this same data can be sensitive (eg. medical records) or it can be used to make sensitive inferences about people when it comes to web browsing data, purchase history, location and mobility data.

The same can be said for Internet of Things (IoT) applications which typically collect and analyse personal data that can be used to derive sensitive information about individuals, but privacy concerns have not been explicitly considered in software engineering processes, partly due to a lack of tools, technologies and guidance.

Our work in privacy by design and in machine learning and cloud aims to find a balance at which both the user and the collector are as happy as possible with the amount and type of data being shared.

We provide solutions that extract as much use out of the data that the user consents to provide, or to protect privacy as much as possible while guaranteeing a utility level. We are currently aiming to protect against sensitive disclosures from published machine learning models.

The successful partnership was first established through Airbus Endeavr Wales, a joint research programme between Airbus and the Welsh Government. Our involvement centred on the quantification of risk in industrial manufacturing systems. The research outcomes produced were transitioned by Airbus into a functional tool that combines risk assessment, dependency modelling capability, and impact analysis for manufacturing systems and industrial supply chains.

Following the first publication of our early research into behavioural modelling of malware, Airbus recognised the innovation potential and our team was tasked with exploring novel malware detection methods incorporating machine learning for cyber-attack detection across the global Airbus IT and manufacturing network.

This key research was led exclusively at Cardiff University in collaboration with Airbus between 2016 and 2019, with the initial unique innovation aiming to distinguish malicious from trusted behaviour on computer networks using machine learning. Airbus then funded a PhD studentship to explore the concept further, and this work subsequently enhanced detection methods to include a world-first in predicting attacks during the early stages of execution, both from the Web and via desktop computing environments (eg. ransomware).

Airbus have directly invested more than £1.5m in collaborative research activity with our team, who are now providing leadership roles within the new £8m Welsh Government and Airbus-funded Cyber Lab that will research the next generation of cybersecurity solutions.

Sign up to our newsletter

Stay up-to-date on the latest cybersecurity trends and technologies by joining the Cyber Innovation Hub newsletter today.

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website: privacy policy We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.