Contact us
- Macquarie University Cyber Security Hub
- Macquarie University NSW 2109
- E: cybersecurityhub@mq.edu.au
A list of our current Master of Research (MRes) and Doctor of Philosophy (PhD) research projects. To learn more or apply — contact the project supervisor.
We're currently engaged in the following MRes projects:
BGP hijacking attacks result in service disruption on the Internet and are affecting online platforms. This project aims to circumvent BGP hijacking attacks using consortium blockchain technology.
This system leverages distributed and temper proof consortium blockchain, which eliminates the role of a blockchain miner. Hence it is exclusive and dedicated for authorised parties only. This system can automatically detect the prefix hijacking based on the IP prefixes stored in the blockchain-based distributed repository and then create the filter command to the router to block the incoming prefix that suspected as malicious.
We implemented this system using Hyperledger Fabric blockchain and Quagga software package. The evaluation results show the efficacy of BlockJack in authorising the prefixes and verification of the current BGP traffic conditions. Moreover, this system is designed to be resilient to block the prefix hijacker during BGP route advertisements and divergence.
Contact Dr Muhammad Ikram on muhammad.ikram@mq.edu.au.
The Web is a tangled mass of interconnected services, where websites import external resources from third-party domains serving various purposes including analytics, tracking, advertisement or external dynamic content display.
The resources dependency, however, is quite often extended by third-party domains loading the requested content further from other domains. This creates a chain of dependency where content is being served from third-parties that the first-party websites would be implicitly trusting.
The chain of dependency can be loosely controlled as first-party websites often have little, if any, visibility of where the resources loaded originate from. In this project, we aim to design and implement a data-driven analysis tool to characterise this implicit trust in the chain of dependency for Alexa’s top-1M websites and to measure the risks that first-party websites may be undertaking while loading resources from possibly malicious domains.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
A general approach to the security and privacy issues of mobile apps is through static code analysis and runtime dynamic analysis. The former involves source code investigation and often requires fewer resources and computation-time. However, static code analysis often fails to capture the actual behaviour of mobile apps and may result in high false positive and false negative rates.
To overcome this ineffectiveness at the cost of conservative resource requirements, runtime dynamic analysis reveals apps’ behaviours by leveraging apps’ network traffic and requests to sensitive resources. To complement our static analysis of mobile apps, in this project, we aim to design and implement a framework to automatically perform runtime dynamic analysis of mobile apps at scale.
There has been quite a lot of media coverage on our research (eg covering VPN Mobile Apps Security and Privacy) including NYTimes, CNN, ITWire, Slashdot, Security Week, ABC News, TheRegister, Technology Decisions, SHM, and more.
Join a vibrant research team investigating mobile apps security. We are raising awareness and preventing mobile security flaws.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Differential privacy has become an important concept for protecting sensitive data because it provides a notion of a strong privacy guarantee. Originally formulated for queries to statistical databases, variations of the idea can be used to ensure privacy in other domains (such as location privacy).
This project focuses on generalising these ideas by investigating the algebraic properties of privacy mechanisms to enable mechanisms to be combined in various ways to understand privacy guarantees over other complex domains. The work will use novel theories of information flow based on channels and will take examples and case studies from machine learning.
Contact Professor Annabelle McIver on annabelle.mciver@mq.edu.au.
In recent years, malicious internet activity campaigns have been showing an alarming increasing resiliency against detection techniques using swift adaptation and some advanced evasion techniques.
Leveraging a worldwide unique dataset of more than 650 millions entries and covering over ten years of malicious activity, this project aims to investigate internet malicious activity and to characterise and quantify their impact on online services.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
To guarantee the confidentiality and integrity of user sensitive data, mobile apps such as Facebook, CommsBank, or YouTube often use HTTPS. Security research communities have spent a considerable effort focusing on measuring and analysing HTTPS adoption in desktop computing platforms.
Several proposals have been proposed to enforce HTTPS and to inform users if sensitive data is transferred via non-secure HTTP. However, HTTPS adoption and security analysis of mobile apps received very little to no attention. To fill this gap, this project aims to design and implement a measurement and analysis framework of Android mobile apps leveraging on static code analysis and runtime dynamic analysis techniques.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
The purpose of this research is to analyse and find out why mobile apps can be categorised as malicious based on their behaviour. In this project, we are collecting a huge number of mobile apps and then verify those apps using third-party anti-virus software to create a list of apps that categorised as malicious.
We deploy static analysis to collect the information based on dangerous permission, local API call, third-party library, and other parameters that are currently known as an indicator of malicious activities. We also conduct dynamic analysis to detect any information personal information leaks during the app's operation. Based on those parameters, we are using machine learning to find such patterns found in common malicious apps.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
We're currently engaged in the following PhD projects:
Online social networks are very popular for social interactions and exchange of views. It is also very common to have hateful and negative behaviour towards each other, or towards any sensitive topic on such platforms.
This project aims to address the challenging problem of characterising and understanding online hateful behaviour (eg hate speech dissemination and trolling) to determine the modus-operandi of profiles engaged in such activities and help identify features to allow monitoring and deletion of suspicious profiles.
For this study, we will perform an in-depth temporal study of profiles over time. We will evaluate the possible connection between hateful behaviour and certain events like international events or popular trends. We will also conduct experiments to find any possible activity clusters in a hateful user and followers.
Another complementary part of the project is to analyse and characterise the privacy and security issues in web-based online games (also known as IOGames). IoGames are a popular genre of online games that do not require any installation or configurations and can be run in browsers. The online analysis consists of several steps:
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
This project aims to introduce privacy risks associated with users’ touch gestures across multiple mobile devices. The project is an extension of our previous work in which we quantified the uniqueness of touch gestures on a single mobile device and thus showed that users could be identified through the unique patterns of their touch gestures.
The threat is known as 'touch-based tracking' on mobile devices. For this project, we will first perform a user study to collect the data on different devices via a mobile app, and then quantify and track users using a probabilistic framework on multiple devices.
Another interesting feature about this project is to obfuscate the user touch-data using privacy-preserving methods. We will use generative adversarial networks (GANs) to preserve the privacy of a user’s touch-data.
The project requires a sound knowledge of Android applications and Java language.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
This project concerns the formal analysis of cyber risk. Cyber risk imposes an increasing threat to businesses, and a project in this theme will concentrate on the precise modelling of cyber-attacks based on historical incidents.
The general methodology is to formally define and quantify the notion of severity for selected cyber attacks (eg duration and throughput for DoS attacks, number of records for data breach attacks, size of compromised network/machines for servers and botnet farms, etc.).
On the one hand, the severities are linked to root technical causes which, ultimately, are captured within the developed formal models. On the other hand, the severities can also be transformed into concrete losses which are important for the evaluation of digital business vulnerabilities and the effectiveness of protective measures for various known cyber attacks.
The goal is to gain a firm understanding of the impact of low frequency but high severity cyber attacks to price the associated risks.
Contact Professor Annabelle McIver on annabelle.mciver@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
This project aims to preserve the privacy of users' online data from the inference attacks by an eavesdropper who gets access to (anonymised) data. We intend to develop a web browser plugin for real-time privacy risk prediction and obfuscation of web data.
The framework is made resilient to adversarial attacks, where the adversary with the knowledge of the model and calculated probabilities can make inferences about the actual data and the obfuscated data.
Design a browser plugin for the framework of privacy risk prediction, and obfuscation for web data (we aim to start with web search queries only), implement the plugin Testing Deploy and conduct user study experiments using the developed plugin research other methods for improving privacy/utility of obfuscation — such as Dirichlet priors and generative adversarial networks (GANs).
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Contact Professor Dali Kaafar on dali.kaafar@mq.edu.au.
Personal Identifiable Information (PII) about individuals, such as customers, taxpayers, patients, and mobile application users, is increasingly collected and linked across disparate data sources to enable customized, high-quality, and timely analytical services in a variety of applications. Examples include:
The data (PII) needed for the linkage analytics is, however, often personal and sensitive, and needs to be processed using privacy-preserving techniques. Known as privacy-preserving record linkage (PPRL), we have been conducting research and development in PPRL addressing the key challenges of enhancing computational efficiency, developing advanced linkage techniques for complex data types, and providing provable privacy guarantees of linkage.
Contact Dr Dinusha Vatisan on dinusha.vatsalan@mq.edu.au.