Research

Research

Research

Cyber security is a difficult problem to solve. Not only because it is a widely technical with complex and inter-dependant networked systems, but also due to the multi-disciplinary nature of the issue.

Cyber security incorporates aspects of finance and economics, psychology and human behaviour, laws and policies, philosophy and requires a synergy and collaboration between a wide variety of technical expertise.

For decades organisations, governments and tech industries have been handling systems security and data breaches in a reactive way. Times are changing and we believe that threat intelligence and collaboration in cyber security is not only key to success but would durably shift the balance of power from attackers to defenders with preventive and proactive cyber-defence mechanisms.

Our main research goals are:

  • Build data and information sharing platforms enabling privacy-preserving data sharing and trustworthy cyber defence collaboration.
  • Design and construct resilient and reliable software systems to enable defence mechanisms in distributed and potentially hostile environments.
  • Design and build usable and human-centric security technologies to change humans from the weakest link of the chain into a first line of active defence.
  • Quantify and understand threats and cyber risks including socio-economics and financial risks.
  • Design policies, governance and decision-making platforms to investigate regulation-compliance and facilitate cyber security mechanisms embedding within organisations.

Cyber research diagram

Research team

Scientific Director

Prof. Dali Kaafar

Dali is spearheading Data61’s R&D activities in privacy-preserving technologies with a focus on private date sharing, Information security and Web and mobile security. Before that, at INRIA, he co-invented the technology behind geolocalisation of malicious botnet motherhood servers and pioneered research in the security of internet coordinate systems. Professor Kaafar has published over 200 peer-reviewed papers repeatedly in top journals and conferences, receiving many prestigious awards.

Homepage: https://research.csiro.au/ng/about-us/people/dali-kaafar/

Expertise in IT

 

Details

Research interest

Frank Cassez  A/Prof. Franck Cassez
Department of Computing
Email: franck.cassez@mq.edu.au
Website
Automated software verification, timing analysis of binary programs, control and verification of timed systems
Len Hamey  Dr. Len Hamey
Department of Computing
Email: len.hamey@mq.edu.au
Website
Machine learning  
Computer vision
Computer architecture
Christophe Doche  A/Prof. Christophe Doche
Executive Director, Cyber Security Hub
Email: christophe.doche@mq.edu.au
Website
Elliptic curve cryptography
Algorithmic Number theory
Michael Hitchens  A/Prof. Michael Hitchens
Department of Computing
Email: michael.hitchens@mq.edu.au
Website
Computer security, distributed systems and network security, authorisation (or access control), trust and network security protocols and video gaming
Annabelle Mciver  Prof. Annabelle McIver
Department of Computing
Email: annabelle.mciver@mq.edu.au
Website
Information and systems modelling, formal methods, privacy, eVoting
Michael Johnson  Prof. Michael Johnson
Department of Computing
Email: michael.johnson@mq.edu.au
Website
Category theory (mathematics), including applications to computer science, data modelling, information systems and systems interoperations using formal methods
Prof. Dali Kaafar
Scientific Director, Cyber Security Hub
Email: dali.kaafar@mq.edu.au
Privacy Preserving Technologies,Web Security and malware detection, Human identification, Next Generation Authentication systems, Networks Measurement and modelling
Anthony Sloane  A/Prof. Anthony Sloane
Email: anthony.sloane@mq.edu.au
Website
Programming languages and formal methods
Michael Sheng  Prof. Michael Sheng
Head of Department of Computing
Email: michael.sheng@mq.edu.au
Website
Web of Things, Internet of Things, Big Data Analytics, Web Science, Service-oriented Computing, Pervasive Computing, Sensor Networks
 Prof. Mark Johnson
Department of Computing and VoiceBox
Email: mark.johnson@mq.edu.au
Website
Computational linguistics, parsing and its applications to text and speech processing
Mehmet Orgun  Prof. Mehmet Orgun
Department of Computing
Email: mehmet.orgun@mq.edu.au
Website
Computational intelligence, multi-agent systems, trust and security, temporal reasoning, formal methods
Mark Dras  A/Prof. Mark Dras
Department of Computing
Email: mark.dras@mq.edu.au
Website
Natural Language Processing, Computational Linguistics, Machine Learning
Bernard Mans  Prof. Bernard Mans
Deputy Dean of the Faculty of Science & Engineering
Email: bernard.mans@mq.edu.au
Website
Algorithms and Complexity,Graphs,Mobile & Wireless Computing
Rajan Shankaran  Dr. Rajan Shankaran
Department of Computing
Email: rajan.shankaran@mq.edu.au
Website
Cyber Security, Mobile and Wireless Networks Security, Trust in Mobile Networks
Deborah Richards  Prof. Deborah Richards
Department of Computing
Email: deborah.richards@mq.edu.au
Website
Virtual Humans, Agent-based Simulations, Virtual Reality and Simulations, Knowledge Acquisition, Serious Games (education, training and health)
James Xi Zheng  Dr James Xi Zheng
Department of Computing
Website
Software Engineering, IoT Security 
Jia Wu  Dr Jia Wu
Department of Computing
Email: jia.wu@mq.edu.au
Website
Data Mining, Machine Learning, Big Data Analytics
Amin Beheshti  Dr Amin Beheshti
Department of Computing
Email: amin.beheshti@mq.edu.au 
Data Science, Data Mining
 A/Prof Yan Wang 
Department of Computing
Email: yan.wang@mq.edu.au
Trust Management, Services Computing, Social Networks, Security
 Dr Matt Roberts
Department of Computing
Email: matthew.roberts@mq.edu.au
Website
Programming Languages, Type Systems
Young Lee  Dr. Young Choon Lee
Department of Computing
Email: young.lee@mq.edu.au
Website
Resource management in distributed computing systems,
Cloud data centre efficiency,
Data-intensive computing,
Scheduling for distributed systems,
Data centre efficiency and sustainability

Expertise in Business

 

Details

Research interest

Yvette Blont  Dr. Yvette Blount
Department of Accounting and Corporate Governance
Email: yvette.blount@mq.edu.au
Website
Business analytics and intelligence, business information systems, telehealth and Anywhere working (telework, telecommuting, flexible work)
Philomena Leung  Prof. Philomena Leung
Associate Dean – International and Corporate Engagement
Email: philomena.leung@mq.edu.au
Website
Corporate governance
cyber risk and auditing
Verity Greenwood  Dr. Verity Greenwood
Accounting and Corporate Governance
Email: verity.greenwood@mq.edu.au
Website
Financial crime
and governance
Shevchenko Pavel  Pavel Shevchenko
Professor - Department of Applied Finance and Actuarial Studies
Email: pavel.shevchenko@mq.edu.au
Website
Risk management, financial mathematics
insurance mathematics, operational risk, credit risk, portfolio asset allocation, pricing financial derivatives, mortality modelling and retirement income products, claims reserving, modelling commodities and FX markets, modelling extreme events, dependence modelling, state-space models, Monte Carlo methods, optimal stochastic control
Stefan Trueck  Stefan Trueck
Professor of Finance - Centre for Financial Risk
Email: stefan.trueck@mq.edu.au
Website
Risk Management (Credit and Operational Risk), Asset Pricing, Energy Markets, Financial Economics, Carbon Trading and Economics of Climate Change, Real Estate Economics, Econometrics of Financial Markets.
Mauricio Marrone  Dr. Mauricio Marrone
Faculty of Business and Economics
Email: mauricio.marrone@mq.edu.au
Website
Innovation Diffusion, Literature Review Methodology, Text analytics and text mining, Digital Transformation, Gamification in Business
Elizabeth Sheedy  A/Prof Elizabeth Sheedy
Department of Applied Finance and Actuarial Studies
Email: elizabeth.sheedy@mq.edu.au
Website
Risk culture, ethical culture/leadership, remuneration and experimental investigation of risk management behaviour.

Expertise in Criminology and Intelligence

 

Details

Research interest

Angela Irwin Dr. Angela Irwin
Department of Security Studies and Criminology
Email: angela.irwin@mq.edu.au
Website
Anti-money laundering / counter-terrorism financing, digital currencies, cybercrime, cybersecurity and criminology
Ben Schreer  Prof. Ben Schreer
Head of Department, Department of Security Studies and Criminology
Email: ben.schreer@mq.edu.au
Website
Cyber war, cyber conflict and international security
Rebecca Vogel  Rebecca Vogel
Department of Security Studies and Criminology
Email: rebecca.vogel@mq.edu.au
Website
Intelligence, insider threats, national security and
cyber espionage
Brett Peppler  Brett Peppler
Honorary Fellow
Email: brett.peppler@mq.edu.au
Website
Decision-making under uncertainty, with an emphasis on blending foresight methods; Intelligence practices, with an emphasis on innovation through cross-disciplinary approaches; Gaming and simulation, with an emphasis on enriching the design of intelligence education.

Expertise in Law and Psychology

 

Details

Research interest

John Selby  Dr. John Selby
Department of Accounting and Corporate Governance
Email: john.selby@mq.edu.au
Website
Intellectual property, online trade and data protection
Mark Wiggins  Prof. Mark Wiggins
Department of Psychology
Email: mark.wiggins@mq.edu.au
Website
Acquisition, maintenance and loss of performance
Niloufer Selvadural  A/Prof. Niloufer Selvadurai
Email: niloufer.selvadurai@mq.edu.au
Website
Intellectual property, E-Commerce Law
 

ARC DECRA Fellow Tiffany Jones                          Email:     tiffany.jones@mq.edu.au

Transnational social media propaganda memes' fostering of social divisions

Research Groups

The Information Security and Privacy (ISP) Group

Data comes in different formats and, today, almost every organisation in our digital economy relies on data one way or the other. The ISP group at Macquarie University aims to build on expertise in systems and protocols, information theory, applied cryptography and cryptanalysis as well as machine learning and data mining to secure data transmission and ensure private processing of the data across the entire data lifecycle.

ISP Group

Centre for Elite Performance, Expertise, and Training (CEPET)

A key strength of CEPET is its multi-disciplinary team and approach to issues surrounding the acquisition, maintenance, and loss of expertise.

CEPET

Programming Languages and Verification Group (PLV)

PLV conducts research in all aspects of modern programming languages and systems which focuses on research that builds on theoretical foundations to construct real world software systems. These interests encompass: programming language theory, design and implementation; tools and environments for programming languages; and program specification and verification.

PLV Research

Research Funded Projects

Differential Privacy Algorithms for Data Sharing (with Data61)

Investigator: Prof Dali Kaafar

End Date: June 2019

Description: Informally, privacy means hiding an individual’s data. On the other hand, for the released data to be useful, it should be possible to learn something significant. The fundamental law of Information Recovery states that an “overly accurate” estimate of “too many” statistics completely destroys privacy. Differential privacy is a mathematically rigorous definition of privacy tailored to analysis of large datasets and equipped with a formal estimate of the privacy/utility tradeoff. One of the strengths of differential privacy is the ability to reason about cumulative privacy loss over multiple analyses (even though, as mentioned next, it is unclear how the accumulated privacy loss relates to actual real-life privacy threats).

While Differential privacy has attracted significant interest from the research community and from Industry (Differential Privacy framework inception was at Microsoft Research and Apple decided to collect user data under the “differential Privacy” framework), it unfortunately does not provide any quantitative measurement of the privacy guarantees and hardly enables to understand the implications of the privacy risks in practice. In a recent study for example, we showed ways of achieving differentially private recommendation systems data (in a Matrix Factorization context) and showed that coming up with a practical translation of the notion of privacy provided by a Differentially private algorithm is an open Research problem. To understand the practical implications of the privacy guarantees (or lack thereof) of different privacy-preserving techniques, this project aims specifically at exploring the limits of differentially private techniques in generating synthetic datasets by proposing practical attacks that violate the differential privacy properties This includes evaluating differential privacy aggregation-based techniques inspired by Pyrgelis et al in PETS17. The aim is to introduce clarity and a practical understanding of the notion of privacy guarantees when generating private synthetic datasets. We will also design differentially private techniques to enable the release of datasets with Differential Privacy Guarantees.

Mathematical Foundations for Privacy - Preserving Techniques (with Data61)

Investigators: Prof Annabelle and A/Prof Mark Dras

End Date: June 2019

Description: This research addresses the problem of maintaining privacy in data mining.  Machine learning is a powerful technique which allows "data scientists" to discover relationships between attributes in complex data sets. It is important in medical and biological research and has redefined modern marketing campaigns and customer service.  An open problem is how machine learning/data mining relates to breaches of privacy with regards to the individuals whose information makes up the body of data used in the learning experiments.

Differential privacy was invented to protect individuals' privacy in the specific scenario of statistical databases. It works well for certain types of query -- however in the context of text data it does not produce good solutions because the noise it adds runs counter to the idea that readable text should be the result of a query1. Moreover data sets formed from social network sites such as Facebook shows that even there Differential Privacy is not always useful since even a specific limit on differential privacy in some circumstances can still leak arbitrary amounts of information2.

This project aims to explore the foundations of privacy in the first instance and to apply the results to the area of machine learning in text processing and privacy in social media. It builds on recent research into quantifying information vulnerabilities in security systems. The outcomes will be:

  • A mathematical foundation for privacy explained in terms directly related to an attacker and user.
  • An application of the theory to new ways to evaluate obfuscation mechanisms currently a popular task in the ML community.
  • An investigation of privacy within a popular social networking environment (eg Facebook).
  • An evaluation of differentially private variations so that they can be extended in some circumstances to text data.

Server-Side Blocking: Characterizing and Measuring Service Provider's Discrimination

Description: While we have a qualitative understanding that the Internet is becoming increasingly balkanized, due to increased data localization laws and breakdowns of safe-harbor agreements, it is difficult to quantify those changes. A data-driven approach is needed to provide a more methodical understanding of the changes that are happening, so that the harms caused by such laws and infringement of agreements can be measured and tracked over time.

Moreover, current work to understand nation-state censorship often neglects the existence of server-side blocking. The magnitude of this blocking is unknown, and it is not clear how much this phenomenon affects the accuracy of current censorship studies. We aim to investigate this issue and help censorship measurement better isolate the effects. This project focuses on understanding the content blocking, operational details as well as hidden aspects of servers such as virtual private servers belong to VPN providers and content delivery networks (CDNs). We perform an empirical, data-driven approach for evaluating VPNs and CDNs in the wild, focusing on the traffic manipulation and discrimination of users (i.e., blocking content) using these technologies and services. In our ongoing work, we begin by analyzing the blocking of VPN providers. We acquired a comprehensive overview of VPNs providers and their popularities around the globe (see below for details) by querying Google Play Store and search engines from various geolocations. To get insights on the geo-localized blocking of VPN servers, in the coming month, we plan to purchase VPN services for performing our experiments.

Funded by: Open Technology Fund (OTF)

People Involved: Muhammad Ikram (Macquarie University and University of Michigan) and Roya Ensafi (University of Michigan)

MRes/PhD topics

View the list and details of current MRes/PhD topics.

Publications

View the list and links to download our publications.

Back to the top of this page