Cybersecurity Threat Analysis and Cyber-Attack Attribution with AI-Driven Solutions

About the project

This PhD project automates cyber-attack attribution using AI and NLP, enhancing defence strategies against evolving cyber threats. Objectives include dynamic attacker identification, a threat intelligence dashboard, and a QA system for real-time analysis. Applicants gain expertise in malware analysis and NLP, driving impactful cybersecurity innovation for proactive threat resilience.

This PhD project aims to enhance cyber-attack attribution through automation, leveraging AI and Natural Language Processing (NLP) to streamline the attribution process and improve defence strategies. Cyber-attacks are rapidly evolving, surpassing traditional ML methods that rely heavily on past data, which can quickly become outdated. As cyber-attack attribution is crucial for strengthening organizational defences and preventing future threats, this project will investigate AI-driven solutions to address the limitations of manual analysis, which is both time-consuming and resource-intensive.

Objectives of this project include:
(1) automating the cyber-attack attribution process using AI-driven solutions;
(2) identifying attacker techniques and countermeasures dynamically;
(3) constructing a threat intelligence analysis dashboard and Question-Answering (QA) system to support real-time analyst investigation.

Applicants will gain hands-on experience in malware analysis, intrusion detection system features, and advanced NLP techniques. They will also explore how attackers adapt and evolve their methods, analyzing the origins and contexts of attacks to enhance attribution accuracy. This project will involve designing solutions that are not only technically sophisticated but also contextually aware, providing more precise and actionable cybersecurity measures.

The impact of this work is significant: an automated, AI-driven attribution system will allow organizations to respond faster and more effectively to evolving threats, enhancing their resilience and proactive defence capabilities in an increasingly complex cyber landscape. This project offers applicants a unique opportunity to drive meaningful innovation in cybersecurity.

Potential supervisors

Lead supervisor

Dr Erisa Karafili

Associate Professor

Research interests

Formal methods techniques applied to security problems
Attributing and investigating Cyber Attacks
Threat Models for IoT devices and Hybrid systems

Entry requirements

First Honours or 2:1 bachelors or masters degree in Computer Science, Mathematics, Engineering or related areas. Experience and/or a high interest in cyber security, AI and ML is a strong requirement.

Fees and funding

We offer a range of funding opportunities for both UK and international students. Horizon Europe fee waivers automatically cover the difference between overseas and UK fees for qualifying students.

Competition-based Presidential Bursaries from the University cover the difference between overseas and UK fees for top-ranked applicants.

Competition-based studentships offered by our schools typically cover UK-level tuition fees and a stipend for living costs (minimum of £19,237 in 2024-25) for top-ranked applicants.

Funding will be awarded on a rolling basis, so apply early for the best opportunity to be considered.

How to apply

Apply now

You need to:
•    choose programme type (Research), 2025/26, Faculty of Engineering and Physical Sciences
•    select Full time or Part time
•    choose the relevant PhD in Computer Science
•    add name of the supervisor in section 2

Applications should include:
•    personal statement
•    your CV (resumé)
•    2 academic references
•    degree transcripts to date

Contact us

Faculty of Engineering and Physical Science

If you have a general question, email our doctoral college - feps-pgr-apply@soton.ac.uk.

Project leader

If you wish to discuss any details of the project informally, please email Erisa Karafili - e.karafili@soton.ac.uk

Postgraduate research project