PhD Studentship - Security of Internet of Things

Bournemouth University

The Internet of Things (IoT), the worldwide network of interconnected objects, is expected to succeed ubiquitous computing, as the current technological paradigm. Indeed, according to a recent Gartner report, it is estimated that 25 billion “things” will be interconnected by 2020, creating opportunities for new services and products. However, the proliferation of IoT will not come without security risk. On the contrary, as these devices have already been deployed with limited security capability they are already being used by attackers to form botnets and launch Distributed Denial of Service (DDoS) .
DDoS attacks is an open problem in the world of computing and, thus, it is considered as one of the most important threats to IoT. DDoS disrupts service by creating network congestion and disabling normal functions of network components, thus legitimate users cannot access the services. The aim of this doctoral research project is to develop a framework for early detection of DDoS attacks in terms of time and location, enabling the network owners/administrators to confront the attack at its launching stage. The proposed countermeasure against DDoS attacks should be compatible with the inherent characteristics of IoT devices, namely should be distributed and lightweight, in terms of processing overhead and energy consumption.
The first year of the project will include a state of the art review of the relevant academic literature, focusing on IoT threats such as DDoS attacks and countermeasures. Through the gap analysis the student will identify the design goals and requirements of the framework. In the second year of the project the student will design the framework. The student will explore semantic analysis and data mining techniques, besides fuzzy logic to facilitate attack detection and reduce false positives. Finally, in year three the framework will be evaluated with data collected from emulation of DDoS attacks or with data that are provided by the company.
Rahjooyan Salamat Isfahan (RASA) will be a major beneficiary of this research. The company is planning to invest in the creation of a smart city in Iran, in the field of health care. Therefore, this framework will enable the company to mitigate IoT risk, such as DDoS attacks. Moreover, this research will benefit other stakeholders from the IoT industry, as the outputs of the research will be disseminated in peer-reviewed academic papers (aiming at least at one in a 3* REF journal).
The supervisory team for this research project will include Professor Vasilis Katos and Dr Alexios Mylonas who are both experts in Cyber Security. Dr Mylonas is an early career researcher and he will undergo PGR Supervisory Training as part of his personal development plan, as agreed with the Head of the Department. The student can also benefit from other colleagues from the Cyber Security Unit (CSU) and can initiate collaborations with other PhD students, or any partners of the CSU.
Academic Impact
This research will benefit the Cyber Security research community, as this work will address threats in an emerging computing paradigm, namely IoT. The outcome of the research project will be submitted in esteemed, international, peer-reviewed conferences in order to share the knowledge gained, as well as get feedback from the academic community. In addition, the student will be encouraged and supported in preparing and submitting a journal paper (minimum 3* REF journal) before the completion of the PhD project.
Societal Impact
This research focuses on IoT security, which is an emerging issue in the industry. Currently, we have seen IoT devices (such as refrigerators, CCTV cameras, children’s toys) being created by companies that specialize in creating “things” and not on Cyber Security. Therefore, it is inevitable that attackers are exploiting and using these poorly protected devices - with regards to Cyber Security - in order to mount their attacks (e.g. DDoS attacks, online currency mining, etc.). Moreover, the consumers of these devices are in general not security and technically savvy, therefore this technology introduces severe risks to their security and privacy. The aforementioned, coupled with the pervasiveness of this technology highlights the importance or any contribution in the IoT security literature to both the consumers of IoT, as well as companies (such as RASA) that are deploying this technology.
Training Opportunities
The student will be provided with a variety of research training opportunities, to prepare them for a career in academic or industry research. Upon the completion of this project, it is deemed that the student will have gained considerable experience in IoT security. The student will have the option to attend Units that relevant are relevant, if this is required at any stage of the Project. In this regard, the student can benefit from the MSc in Data Analytics and MSc in Cyber Security and Human Factors, which are offered by the University. In addition, the student will be given the option to develop their teaching skills by undertaking student contact hours (undergraduate and/or post-graduate) as a demonstrator in units that focus on cyber security and/or network security. Finally, the student will be given the option to undertake training on CISCO network security (e.g. CISCO CCNA, CCNA Security) from the University’s CISCO academy.
Supervisory Team
First Supervisor Dr Alexios Mylonas
Additional Supervisors Prof. Vasilis Katos
Eligibility Criteria
All candidates must satisfy the University’s minimum doctoral entry criteria for studentships of an honours degree at Upper Second Class (2:1) and/or an appropriate Masters degree. An IELTS (Academic) score of 6.5 minimum (or equivalent) is essential for candidates for whom English is not their first language.

Funding information

Funding applies to:

Open to applicants from a range of countries

Contacts and how to apply

Academic contact:

To discuss this opportunity further, please contact Dr Alexios Mylonas via email: amylonas@bournemouth.ac.uk

Administrative contact and how to apply:

Please complete the online application form by Monday 20 June 2016. For further information and details of how to apply please see here.

Application deadline:

20 June 2016