A Novel Machine Learning Intrusion Detection System (IDS) for Detecting Advanced Persistent Threats (APTs) in Real-time Environments

About the Project

This project provides an annual stipend of £19,237.

Project advert

Advanced Persistent Threats (APTs) pose significant challenges to computer networks due to their stealthy and persistent nature. They often use interactive command-line interfaces and interpreters included by default in Windows, macOS and Linux operating systems to manipulate, interrupt, steal or destroy computer systems and data. While command and scripting interpreters are developed for legitimate users, APTs utilise them to execute malicious code and interact with local and remote systems during attack campaigns on a computer system or network.

However, traditional intrusion detection systems (IDSs) are often slow and struggle to distinguish between benign and malicious interactions, especially on large-scale networks. Hence, they are slow to detect and mitigate these threats in real time, posing grave risks to organisations and critical national infrastructures. Machine learning (ML) offers promising solutions to these limitations.

This project aims to develop an ML-driven IDS to detect malicious command and script interpreters used by APTs to execute commands, scripts, or binaries on large-scale computer networks. The successful candidate will have access to cutting-edge facilities and dedicated specialised computing labs within the Department of Computing and Mathematics, located in the new £117M Faculty of Science and Engineering building.

Project aims and objectives

This project will utilise diverse data sources, such as network logs, endpoint network data captures, and threat intelligence feeds, to train a machine learning model. The model will analyse patterns, detect anomalies, and identify indicators of compromise (IoCs) based on real-world observations. The project will contribute towards cyber and network security by providing an efficient and intelligent real-time IDS that can be deployed in computer networks.

  • Conduct a systematic literature review of existing ML models for real-time intrusion detection.
  • Perform evaluation tests and select an ML model that can be implemented and deployed.
  • Curate data sets and sources that include APT attack signatures and patterns.
  • Design and train the ML model by using semantic analysis to detect APT command-line scripting operations in these data sources.
  • Implement and deploy an ML model in large-scale network environments.
  • Assess the performance of deployed machine learning models in large-scale networks by performing benchmark tests through metrics such as detection rate, accuracy, false positives, and response time.

Specific requirements of the candidate

In addition to the standard entry requirements for PhD programmes at Manchester Metropolitan University, applicants should have:

  1. Strong background in Cyber Security, Computer Science or Data Science.
  2. Good knowledge of machine learning and the Python programming language.
  3. Understanding of intrusion detection systems and network security.

How to apply

Interested applicants should contact Dr Alex Akinbi for an informal discussion.

To apply you will need to complete the online application form for a full-time PhD in Computing and Digital Technologies (or download the PGR application form).

You should also complete the PGR thesis proposal and a Narrative CV (supplementary information) form addressing the project’s aims and objectives, demonstrating how the skills you have map to the area of research and why you see this area as being of importance and interest.

If applying online, you will need to upload your statement in the supporting documents section, or email the application form and statement to .

Closing date: 14 October 2024. Expected start date: January 2025 for Home students and April 2025 for International students. 

Please note that Home fees are covered. Eligible International students will need to make up the difference in tuition fee funding. 

Please quote the reference: SciEng-2024-APTs
