An ongoing cyber security research project at University of Edinburgh’s School of Informatics with a range of collaborators and students. We are working on AI and machine learning methods for network intrusion detection, based on approximate models of software built from low-level traces. Recent work includes verification methods to provide guarantees of robustness.
People
- David Aspinall, Informatics, University of Edinburgh (main contact)
- Robert Flood, Informatics, University of Edinburgh
- Gudmund Grov, Norwegian Defence Research Establishment (FFI)
Previous contributors, colleagues, collaborators and advising experts include: Wei Chen, Henry Clausen, Lieven Desmet, Gints Engelen, Alex Healing, Michael Gibson, Nikola Pavlov, Vera Rimmer, Marc Sabaté, Hugo Vincent, Chenghao Ye, Stuart Wray.
Thanks to funders and other supporters including Arm, Edinburgh Parallel Computing Centre, British Telecom Labs in Adastral Park, The Alan Turing Institute and our own School of Informatics.
Software
- DetGen: low-level synthetic network traffic generation (2019-)
- WhiffSuite: heuristics for measuring network data for NIDS research (2024-)
Publications and presentations
- Formally Verifying Robustness and Generalisation of Network Intrusion Detection Models, Robert Flood, Marco Casadio, David Aspinall and Ekaterina Komendantskaya. ACM Symposium on Applied Computing (SAC), Security Track, SEC@SAC25, March 2025.
- Bad Design Smells in Benchmark NIDS Datasets, Robert Flood, Gints Engelen, David Aspinall, Lieven Desmet. 9th IEEE European Symposium on Security and Privacy (Euro S&P), July 2024. (Distinguished paper award)
- Measuring the Complexity of Benchmark NIDS Datasets via Spectral Analysis, Robert Flood and David Aspinall. 9th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2024), July 2024.
- Traffic Microstructures and Network Anomaly Detection, Henry Clausen. University of Edinburgh PhD thesis, 2022.
- Challenges in Learning from Behaviour, invited talk, AI-CyberSec 2021 Workshop. David Aspinall (with contributions from Henry Clausen and Robert Flood).
- Controlling network traffic microstructures for machine-learning model probing. Henry Clausen, Robert Flood, and David Aspinall. 17th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021), September 2021
- Examining traffic microstructures to improve model development. Henry Clausen and David Aspinall. 2021 IEEE Security and Privacy Workshops (SPW), May 2021
- CBAM: A Contextual Model for Network Anomaly Detection. Henry Clausen, Gudmund Grov, and David Aspinall. MDPI Computers 2021 (MDPI), June 2021
- Better anomaly detection for access attacks using deep bidirectional LSTMs. Henry Clausen, Gudmund Grov, Marc Sabaté, and David Aspinall. 3rd International Conference on Machine Learning for Networking (MLN’2020), November 2020.
- Evading stepping-stone detection with enough chaff. Henry Clausen, Michael S. Gibson, and David Aspinall. 14th International Conference on Network and System Security (NSS 2020), November 2020.
- Traffic Generation using Containerization for Machine Learning. Henry Clausen, Robert Flood and David Aspinall. Presented at ACSAC 2019 DYNAMICS, San Juan, December 2019.
- A Data-driven Toolset Using Containers to Generate Datasets for Network Intrusion Detection. Robert Flood, MSc thesis 2019.
- Towards Intelligible Robust Anomaly Detection by Learning Interpretable Behavioural Models. Gudmund Grov, Marc Sabaté, Wei Chen, and David Aspinall, Norwegian Information Security Conference, NISK 2019, Narvik, November 2019.