Decorative Image

Cyber Threat Laboratory

With the growth of the Internet and billions of connected devices, opportunities are greater than ever for sophisticated and targeted attacks. Gaining an understanding of how attackers operate is crucial in the prevention of further compromise and exploitation. The Cyber Threat Laboratory is an environment built in partnership with Lancaster University which grants unparalleled insight into the emerging threat landscape as it unfolds.

Fujitsu Enterprise & Cyber Security and Security Lancaster have partnered to create a flexible research facility that enables threat analysis and identification of sophisticated attacks to be tested. The Cyber Threat Laboratory hosted at Lancaster University is designed to provide a collaborative platform that allows analysis of threats and behaviour to take place, in a safe and controlled environment. The laboratory provides centralised infrastructure enabling multiple projects and experiments operating simultaneously inside the lab to benefit from mature industry standard tools.Comparable to any research with unknown volatile outcomes, experiments into cyber threats and malware also needsto be handled in a controlled environment with appropriate safeguards and equipment. Lancaster University with industry input from Fujitsu is now able to offer this to its users though the Cyber Threat Laboratory.

Image of Lab set-up

The Lab

The laboratory consists of multiple inter-connected components which provide a framework for projects to analyse vast amounts of malicious data garnered by myriad sources. This data proves fruitful in understanding the manner in which attackers operate and will ultimately be used in the prevention of such attacks. The method in which the data is retrieved and how this is dissected is dependent upon each experiment’s procedure. This allows a wide range of possible techniques which benefit from a shared infrastructure that promotes collaboration.

Various experiments have been conducted in the Cyber Threat Laboratory and many more have been offered as part of academic research such as undergraduate, postgraduate and doctoral thesis proposals. Not only does this foster interest in the security field for young students, but it also benefits the laboratory as a whole by contributing additional data to consider.


  • Experimentation:

    Each experiment has access to a shared infrastructure which hosts a range of valuable services.

    In an attempt to promote collaboration and further analysis of results, each experiment has access to a shared infrastructure which hosts a range of valuable services. The technologies used to assess certain attack scenarios differ depending upon circumstance, however, facilitating the transfer and visualisation of logs via embedded protocols enables each experiment to rapidly analyse rich data sets in a secure environment.

  • Architecture:

    The laboratory is divided into two primary logical zones.

    The laboratory is divided into two primary logical zones, a green zone that allows management and entry into the environment and a red zone which hosts the machines and devices where analysis of threats takes place. The laboratory provides controlled experiments of varying risk levels to take place through a number of segmented networks. These networks employ differing access to local and internet services.

  • Benefits:

    Designed with flexibility and security in mind.

    Designed with flexibility and security in mind, the Cyber Threat Lab incorporates best practices to encapsulate various experiments within their corresponding network space, whilst allowing access to shared infrastructure components.

     Central placement and overview of all cyber research
     Centralised, mature monitoring
     Considered and tested safeguards
     Real world traffic

  • Network considerations:

    University IP space can often be subject to specialised attacks.

    University IP space can often be subject to specialised attacks that provide researchers with a broad range of data. Traffic from most business networks will consist of similar predictable flows, such as connections to online CRM systems, online storage and some personal employee traffic. University networks contain a very broad spread of activity, from large amounts of research traffic from CERN to shops and residential activity. Academic networks have been at the centre of a number of large attacks over the last five years that have forced Higher Education providers and supporting parties to undertake significant investment into their infrastructure.

Future Work

The Cyber Threat Laboratory aims to act as the facilitator for a range of cyber threat intelligence frameworks that can adjust over particular stakeholder scenarios. The Laboratory conducts innovative experiments to gather novel data relating to emerging threat actors. This data is intrinsic in the creation of countermeasures which provide a safeguard against sophisticated attacks that would otherwise wreak havoc among enterprise systems. This perpetual back and forth battle between malware authors and defense architects means that efforts in prevention have to be constant and rigorous, considering all available data.

Our Team

Cyber Security Research Centre (Security Group), Cyber Threat Lab, i-DID , SCC (Security), Security Lancaster, Security Lancaster (Academic Centre of Excellence), Security Lancaster (Networks), Security Lancaster (Systems Security)

Cyber Threat Lab, i-DID , SCC (Networking)

Cyber Security Research Centre (Security Group), Cyber Threat Lab, i-DID , SCC (Security), Security Lancaster, Security Lancaster (Academic Centre of Excellence), Security Lancaster (Systems Security)

+44 (0)1524 510788

Publications & Projects

View Publications

View Projects

KTP in Threat Intelligence Analytical Software
12/08/2019 → 11/08/2021

SL: KTP: Xyone Ltd
12/08/2019 → 08/09/2021

Pozibot: Quantum-secured remote monitoring and data logging technology that enables a dynamic insured warranty for battery packs
01/03/2019 → 31/05/2021

Large-Scale Cloud Resource Allocation
01/02/2019 → 31/01/2020

Contact Us

If you would like to collaborate or find out more about the Cyber Threat Lab or have a general enquirey, please use the form below. 

Fields marked with an asterisk (*) are required.

Your details

Lancaster University will hold and use the information which you supply in line with our privacy policy. This will be used to contact you in response to your enquiry. We would also like to send you information that is relevant to your enquiry. Please tick here if you would like to hear from us:

Don’t worry, if you change your mind at a later time, please let us know by emailing us at and we will remove/change your information.

By post

Cyber Threat Lab (Dr Angelos Marnerides)
Lancaster University
United Kingdom

By phone

+44 (0)1524 510310

By email

Find Us