Detecting and responding to adversarial tools

Project summary

Information and network systems play an essential role in the operation of modern organisations, and are consequently attractive cyber attack targets. The consequences of cyber crime, warfare, and terrorism can be far reaching, especially in the context of critical infrastructure.

Cyber threat intelligence (CTI) is an emerging field in the area of cyber security, aiming to provide an insight into the tactics, techniques and procedures of adversaries and enable organisations to understand how to improve their threat hunting and security operations in terms of detection, mitigation and response. Its success requires advanced threat knowledge and an actionable way to represent that knowledge.

As an emerging field, cyber threat intelligence aims to complement existing protective and monitoring capability rather than replace it. Its pervasiveness continues to increase, with increasing numbers of small medium enterprises adopting CTI approaches. In a wide threat landscape, this highlights the need for improved threat-informed cyber defence-in-depth approaches that will provide multiple opportunities to not only prevent, but also detect, mitigate and respond to such incidents.

This project aims to utilise machine learning and cyber threat intelligence to enhance the detection, response and mitigation of advanced adversarial attacking techniques. To this end, the project will need to achieve the following objectives:

  1. Demonstrate awareness and critical review of the state of the art in cyber threat intelligence, as well as intrusion detection and response
  2. Investigate the extent to which existing extended detection and response systems detect and respond to advanced adversarial tools
  3. Design, implement, test and evaluate a novel detection model for adversarial tools
  4. Extend the previously proposed model for the response and mitigation of detected threats

This project is supported by endpoint protection specialist CrowdStrike. The PhD candidate will work closely with the research team in CrowdStrike.

Research centre 

Data Science Research Centre 

Entry requirements

For our PhD programmes, we normally expect you to have a first-class or upper-second (2:1) honours degree and preferably a masters degree from a UK universityuniversity or qualifications that we consider to be equivalent.

International students may also need to meet our English language requirements. Find out more about our entry requirements for international students. 

How to apply

Please contact Dr Maria Papadaki ( in the first instance for more information on how to apply.

The University has four starting points each year for MPhil/PhD programmes (September, January, March and June). Applications should be made at least three months before you would want to start your programme. Please note that, if you require a visa, additional time will be required. 


Self-funded by student. There is a range of options that may be available to you to help you fund your PhD.


Associate Professor in Cyber Security

Maria is an Associate Professor of Cyber Security at the Data Science Research Centre. She has been an active researcher in the cyber security field for more than 15 years, with research interests in incident response, threat intelligence, maritime cybersecurity, and human-centred security.