EPSRC logo

Details of Grant 

EPSRC Reference: EP/K03345X/1
Title: Identifying and Modelling Victim, Business, Regulatory and Malware Behaviours in a Changing Cyberthreat Landscape
Principal Investigator: Rana, Professor O
Other Investigators:
Rajarajan, Professor M Komisarczuk, Professor PP Matthews, Professor KGP
Levi, Professor M Furnell, Professor SM Wall, Professor D
Burnap, Professor P Knight, Dr V Clarke, Professor N
Ganis, Dr G Stengel, Dr I Williams, Professor ML
Researcher Co-Investigators:
Project Partners:
Department: Computer Science
Organisation: Cardiff University
Scheme: Standard Research
Starts: 23 September 2013 Ends: 22 March 2017 Value (£): 1,016,595
EPSRC Research Topic Classifications:
Criminal Law & Criminology Criminology
Mathematical & Statistic Psych Modelling & simul. of IT sys.
Networks & Distributed Systems Statistics & Appl. Probability
EPSRC Industrial Sector Classifications:
No relevance to Underpinning Sectors
Related Grants:
Panel History:
Panel DatePanel NameOutcome
20 Feb 2013 EPSRC CEReS Feb 2013 Announced
Summary on Grant Application Form
HM Cabinet Office and Detica reported in 2011 that the annual cost to the UK economy from cybercrime was £27 billion. Regardless of the accuracy of this estimate the British Crime Survey and Eurostat ICT survey evidence that cybercrime is now the typical volume property crime in the UK, impacting more of the public than traditional acquisitive crimes such as burglary and car theft. Because of its global nature similar estimates of the prevalence and losses of cybercrime are found in most other countries. However, whilst most politicians, police, and business leaders agree that cybercrimes are one of the greatest crime challenges of modern times, few seem to fully understand what causes them and how to best predict their occurrence and limit their impact upon the UK economy and society.

This project aims to address these uncertainties using methods and concepts from a range of disciplines including criminology, psychology, economics, mathematics and computer science. The key objectives of the project are to identify, understand and predict:

1. The behaviour of malware and human cyber perpetrators within and outside of Cloud environments;

2. Business risk assessment practices, threat awareness levels, and adaptive behaviours as related to cybercrime;

3. The response of criminal justice agencies to cybercrime and business trust in the regulatory system;

4. Business and criminal justice cyber security practices (e.g. information sharing) in relation to issues of privacy, accountability and civil liberties.

The project will develop a computational tool that will assist in the prediction of business related cyber attacks. For the first time both technical (e.g. malware behaviour, network vulnerabilities etc.) and human/organisational (level of cooperation, perception of risk, threat assessment, costs, criminal justice response etc.) measures will be combined in this predictive process. It is envisaged that this tool will assist both policy makers and practitioners in the field of cyber security and crime. It will identify which businesses (by sector, size, level of cooperation etc.) are most vulnerable to attack allowing policy, codes of practice and advice to be tailored and targeted. The tool also has the potential to provide digital and human/organisational forms of evidence and other information relevant to investigation and prosecution proceedings. In order to disseminate the tool and results from the research we will incorporate an action research element where we will develop a forum (two workshops in years 2&3) where initial or draft (but verified) findings are released in stages, through briefing papers to businesses of varying sectors and sizes (particularly SMEs). We will also disseminate results via peer-reviewed journal articles and conferences. Throughout the project via the advisory group we will link into other key commercial initiatives (e.g. Saturn project at BT Labs) and statutory and third sector organisations such as ENISA, the Honeynet Project, Home Office; Cabinet Office Identity Assurance Programme; Office for National Statistics; National Fraud Authority; Serious Fraud Office; Trading Standards; Serious Organised Crime Agency/National Crime Agency; Association of Chief Police Officers; Met Police Central eCrime Unit; NPIA/Police College; EADS; Get Safe Online, Liberty and Wise Kids.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.cf.ac.uk