This page lists indicative research areas/topics for prospective PhD applicants to identify supervisors and research topics for their PhD project. Potential research students are encouraged and welcome to produce their own suggestions in cyber security that broadly meet the general interests of the Group’s Core Members.

PhD Scholarships

From time to time, we offer funded PhD scholarships. Such scholarships are normally funded via the Institute of Cyber Security for Society (iCSS), School of Computing, Division of Computing, Engineering and Mathematical Sciences (CEMS), the University of Kent or external funders. Please note that the 2025 PhD scholarships are to be announced.

Our Group’s Core Members can supervise PhD students under two different programmes and their suggested PhD topics are listed below. To find out more topics, visit each member’s website and study their recent research publications, projects they are working on and any further guidelines for PhD applicants.

PhD Computer Science

Rao Faizan Ali

Visit his University of Kent web page for more information about his research interests and publications. Two example projects he is interested in supervising are listed below.

Information Security Compliance and Generative AI:
Before the ChatGPT or Generative AI boom, those template-based approaches were thought to be the best to mitigate behavioural information security attacks. It was considered that if an organization has the right security policies and standardization, it is 80 percent secure from inside or outside attacks. But generative AI has changed the whole plot, now with the help of generative AI hackers or attackers have some lethal weapons in their arsenal to attack an organization (Gupta, M., 2023). Methods for Mitigating Generative AI based attacks. As discussed above, organizations must replace old traditional methods with new technological methods and new cybersecurity training, As a researcher more research is required to mitigate AI-based Attacks. This project will be a blend of AI and cybersecurity research.

Information Security Compliance Evaluation using Synthetic Ethical Hacking Tests:
This project focuses on leveraging ethical hacking as a tool to assess and enhance organizational security compliance. The primary goal is to design and simulate synthetic hacking scenarios that mimic real-world cyber-attacks. These tailored ethical hacking tests will be used to evaluate not only the technical defences of an organization but, more importantly, the human behaviours and decision-making processes in response to security threats. By incorporating human factors into the design of these synthetic attacks, the research aims to uncover potential weaknesses in security practices that may arise from non-compliance, lack of awareness, or other behavioural gaps. These insights will help establish a more comprehensive security compliance index, offering organizations a deeper understanding of how well their security policies and training programs are adhered to in practice.

Budi Arief

Security and privacy in IoT and Industrial IoT: proof-of-concept attacks and countermeasures, IoT honeypot, specific application domains

Human aspects of security: understanding stakeholders involved, protecting vulnerable people (e.g. victims of child sexual abuse/exploitation and survivors of domestic violence), cybercrime, socio-technical solutions

Malware and ransomware: detection, containment and recovery

Opportunities and challenges related to emerging technologies: for instance, the use of LLM and AI in security research, countering the negative impact of these technologies

Sanjay Bhattacherjee

Post-quantum cryptology: Algorithms for finding short vectors in a lattice; theoretical bounds on the runtime, correctness and output quality; precision-handling in computations; design and security analysis of lattice-based cryptographic protocols; implementations

Algorithmic game theory: Design of new voting games, their efficiency analysis, and implementation

Blockchain: Design and analysis of blockchain protocols for different layers, their security analysis and implementations

Virginia Franqueira

Cross-sector sharing of cyber security incidents data:
Numerous initiatives are in place to promote sharing of information and lessons learned about cyber incidents but they tend to focus on a specific sector, region or network of professionals in a non-structured manner therefore not prone to automated analysis. Sharing of this type of information is also regarded as problematic for many reasons. This project aims to propose a framework to support expressing and exchanging of cyber incident information and lessons learned on a standardised and anonymous way.

Detection of illegal videos:
Detection of illegal videos is complex and different solution directions have pros and cons, e.g., in terms of the ability to cope with video manipulations and performance. Approaches include video similarity detection algorithms that produce a fingerprint for an entire video, frame selection followed by image similarity matching, and aggregation of local image descriptors. This project aims to evaluate existing algorithms for detection of manipulated videos (using legal datasets) against reference videos (akin to illegal videos), and to propose an optimal combination that improves detection rate, implemented in a toolkit.

Automated age estimation:
Online platforms, such as social media, have age restrictions for access to functionalities and/or creation of accounts. However, the enforcement of minimum age (e.g., 13) tends to be weak, mainly based on self-reported date of birth or peers endorsement. This project aims to explore possible alternatives and sources of information that could be used to build confidence about age in a bottom-up and privacy-preserving manner, and implement a proof-of-concept mechanism to allow or deny access based on the inferred age.

Forensics of computer-generated media:
The surge of AI-based platforms and techniques to generate or manipulate media and text has resulted in different types of emerging computer-generated Child Sexual Abuse Material (CSAM) – images, videos and text. This project aims to assess a large pool of (legal) media and text from such platforms/techniques and the existence of evidence of forensics value (e.g., related to provenance), as well of their reliability and robustness.

Özgür Kafalı

All projects will typically involve some element of knowledge engineering (knowledge graph, ontology) and simulation.

Cyber risk assessment and mitigation for socio-technical systems:
– synthesise security and privacy requirements based on organisational risk profile
– generate explanations for risk factors
– incorporate human security decision-making
– develop simulation tool to evaluate mitigation plans

Interactive methods to support cyber security leadership and culture in organisations:
– explore serious games and simulation for threat modelling
– design visual threat model representation, e.g. attack graphs, attack/defense trees
– conduct human subject studies to evaluate effectiveness of developed methods

Normative ethics simulator for autonomous systems:
– explore normative ethical theories and accountability
– design customizable scenarios based on domain
– develop multi-agent simulation tool for experimentation

Rogério de Lemos

Visit his University of Kent web page for more information about his research interests and publications.

Shujun Li

He is open to self-proposed topics largely aligned with his broad research interests. He is particularly interested in projects investigating the interfaces between AI and cyber security, e.g., using explainable AI (XAI) to enhance detection of deepfakes and LLM-generated content, LLM-driven modelling and visualisation of large data ecosystems (especially in health, transport and tourism), trustworthiness of AI systems and ecosystems, using LLMs to different cyber security and privacy topics such as password cracking and privacy policy analysis.

Visit his dedicated web page on his personal website for indicative research areas and topics suggested for PhD applicants. More research interests and recent publications can also be found on his personal website.

Jason Nurse

Research projects investigating the interaction between users and aspects of cyber security, privacy and trust. Example topics include human aspects of security, security culture and awareness, cybercrime, cyber harms, cyber insurance and communications in cybersecurity (e.g., how to effectively communicate after a data breach).

Visit his University of Kent web page and his personal web site for more information about his research interests and publications.

Carlos Perez-Delgado

Quantum Cybersecurity:
Various quantum technologies – for computation, communication and encryption among others – continue to be developed from hypothetical systems to real-world devices. Quantum cybersecurity studies applications of quantum technologies to cybersecurity, both offensive and defensive. The student will join an existing vibrant research group already exploring such applications–a notable recent example is the vulnerability of Bitcoin and other cryptocurrencies to quantum attacks.

The goal of the student will be to identify new potential cybersecurity vulnerabilities that can be exploited using quantum technologies, and/or to research new ways to bolster the security of systems using nascent quantum technology. Some examples of the former include quantum-technological attacks against various online systems, cloud computing, cryptocurrencies and blockchains, banking systems, and other networking systems. Some examples of the latter include quantum key-distribution and quantum cryptography, quantum secure computation, and other quantum online collaboration protocols. The research can be narrowed down within this area, depending on the applicants background and interests. The applicant should have a first degree in CS, physics, mathematics, or other related STEM field.

Quantum Software Engineering:
In an effort to stave off a repeat of the “software crisis” of the 1960s, researchers have recently begun developing the field of quantum software engineering (QSE). If software engineering is, as defined by the IEEE, “the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, as well as to the study of these approaches; that is, the application of engineering to software,” then quantum software engineering is the application of engineering to the development, operation, and maintenance of quantum software.

The goal of the student will be to help develop tools, techniques, and methodologies for the development, operation and maintenance of quantum software. The student will join a world-leading research group in QSE, behind the development of the Q-UML quantum software modelling language, and the Q-COSMIC standard metric for quantum software sizing.

Vineet Rajani

Verification methods like type systems, program logics and runtime monitoring for enforcement of properties related to data confidentiality, causality and fairness.

Type-based verification for differential privacy:
Enormous amount of data is collected every day, this data could be extremely useful in making several automated decisions. However, often this data cannot be released/used because of privacy concerns. Prior work has already shown that simple aggregation and anonymization is not sufficient to prevent privacy loss of individuals. Differential privacy is a promising approach to this problem which offers a statistical guarantee to an individual’s privacy. Intuitively, a mechanism is differentially private if the probability of obtaining a result with (or without) an individuals data is almost the same. This limits the amount of information that can learned about that individual. The aim of this project is to develop a type-theoretic framework for analysing differential privacy. We will use ideas from cost analysis and information flow control, two well studied but very different domains in formal verification.

Algorithmic fairness: theory and practice (jointly with Shujun Li):
Algorithmic decision-making (for instance, using machine learning) is increasingly being used to make socially relevant decisions like university admissions, credit rating, user profiling, and even in more sensitive areas such as HR recruitment and digital policing. While most of these approaches are often designed and calibrated with accuracy and human intervention in mind, increasingly questions of fairness of such algorithmic decision making approaches are getting more and more relevant. This raises a fundamental question: when can we call a program or an automated computational model fair? Questions of this kind are difficult to answer without having a formal definition of what is meant by fairness. The goal of this project will be to understand fairness from a formal perspective and to build methods for enforcing it. There are several directions to pursue here, including connections to security, privacy and big data analytics, depending on the interest of the applicant.

Frank Wang

Visit his University of Kent web page for more information about his research interests and publications.

PhD Electronic Engineering

Sanaul Hoque

Visit his University of Kent web page for more information about his research interests and publications.

Interdisciplinary PhD Projects

We encourage PhD applicants to consider working on interdisciplinary research topics with an interface with subjects such as Psychology, Criminology/Sociology, Business, Law, and Arts. You can have a principal supervisor from the School of Computing and a secondary one from a different academic school (discipline).

The first PhD scholarships for interdisciplinary projects in cyber security are announced as part of the 2025-26 SEDarc PhD Scholarships (deadline 23:59 GMT, Sunday 24 November 2024).

Cyber Security PhD Degree in Other Disciplines

If you are interested in a cyber security PhD degree not in the subject of Computer Science or Electronic Engineering, please visit the website of the Institute of Cyber Security for Society (iCSS), where you can find supervisors from other academic schools (disciplines) as the principal supervisor. In this case, you may want to consider one of the academics from the Cyber Security Research Group as a secondary supervisor.

Contact Us

If you are interested in pursuing a PhD degree in cyber security and need any help, please feel free to contact Professor Shujun Li, the Group Head and the iCSS Director, for advice.