Weak Signals as Predictors of Sophisticated Social Engineering Attacks

GCHQ / Lancaster University ACE-CSR Studentship Grant

Closing Date 21st Jan 2014

Project Background

The Government Communications Headquarters (GCHQ) has agreed in principle to fund a PhD studentship in the Security Lancaster, Lancaster University's research centre for security and protection science. The centre is an Academic Centre of Excellence in Cyber Security Research, as awarded by EPSRC and GCHQ. The centre has a longstanding expertise in developing natural language processing techniques and tools for cyber security issues. Its research in this area was highlighted as one of the 100 big ideas of the future by Research Councils UK and Universities UK and is also being used in various practical cyber security contexts. The student will have the opportunity to join and build on this international-leading programme of research. The student will be supervised jointly by Dr Alistair Baron and Prof. Awais Rashid.

Project Description

Options are required to address the challenge of tackling increasingly sophisticated social engineering attacks that aim to compromise an organisation's security in cyber space. Existing methods for detecting social engineering attacks focus on the so-called 'strong signals' - signatures of well-known attack methods such as phishing, spear fishing and credential harvesting. Little or no attention is paid to the 'weak signals' that develop at the fringes of the mainstream and later reach a tipping point that leads to cyber security breaches. By detecting such weak signals in emails, instant messaging and social media channels, early warnings of unfolding sophisticated social engineering attacks can be flagged before they escalate into a full-scale breach.

Natural Language Processing (NLP) provides methods for analysing unstructured language to derive meaning and inferences. The research in this PhD project will utilise NLP methods, such as text classification for author profiling and deception detection, in order to intelligently filter the deluge of communication data found in an organisation's network traffic, flagging up potential anomalies that require further investigation. A key component of the research will be to build a system that is robust to the features of online language (such as irregular spelling), but also intelligent enough to use these features to improve performance.

You will work with Security Lancaster's extensive network of industrial collaborators to develop and evaluate a system which can be incorporated into the working practices of an organisation's cyber security management to assist in the detection of the early signs of potential social engineering attacks.

Funding and requirements

The studentship will be funded for 3.5 years, with GCHQ covering the cost of university fees and providing an enhanced annual stipend to the student of £23,000. There will also be a generous travel budget provided to fund attendance at international conferences and other events. The studentship is only open to UK nationals and the successful candidate will have regular visits to GCHQ in Cheltenham. Therefore, to be considered for the studentship, candidates must be prepared to undergo GCHQ's security clearance procedures.

We expect the candidate to have at least a strong upper second class honours degree in Computer Science or a closely related discipline. Prior knowledge of cyber security related issues and/or Natural Language Processing is desirable, but not essential.


Formal application should be made via the Postgraduate Applications Portal, MyLancaster. More details can be found here.

Informal enquiries regarding the studentship maybe directed via email to Dr Alistair Baron (a.baron@lancaster.ac.uk) or Prof. Awais Rashid (marash@comp.lancs.ac.uk).

Informal enquiries regarding the application process to the School of Computing and Communications may be made via email to the SCC PhD applications team