Enhancing cyber security information sharing

Cyber threat information sharing platforms are carefully engineered systems in which users of the systems contribute to the reporting of cyber threat information. However, with wider adoption of these platforms research is required to improve the utility to be gained from the reported cyber threat information. 

Start date
1 October 2019
Application deadline
Funding source
UK Government
Funding information

This research project has funding attached. Funding for this project is available to UK citizens. A stipend of £22k tax free and fees are covered per year.


The project aims to consider the application of machine learning and decision support strategies to make sense of vast array of cyber threat information. It will define models for identifying attack vectors, levels of trust in users, and then identifying changes of user behaviour that indicate propensity to move from trusted to threatening behaviour.

This research is supported by the UK Government and it is in partnership with Surevine and BAE Systems Applied Intelligence. The PhD student will work at the University of Surrey, at the Surrey Centre for Cyber Security (SCCS) and with the Centre for Vision and Signal Processing (CVSSP).

If you are fascinated about machine learning and security and you have knowledge of any of the following: machine learning, cyber risks, web development and APIs, please contact the supervisor for any further enquiries about the post or apply directly.

Information sharing of threat intelligence across different organisations is becoming increasingly important in order to improve organisations’ ability to defend against cyber attacks. Moreover, national security and government organisations such as NCSC and NIST are driving initiatives and awareness of the need to develop cyber threat information sharing relationships. There are a number of platforms currently being developed to support a common infrastructure and protocols for sharing cyber threat information. The adoption of these platforms is gaining wide industry support.

With wider scale adoption two main research challenges emerge around the improved utility of the information and its trustworthiness which goes beyond the functionality offered currently by the existing platforms:

  • How can an assessment be made of the information being stored in the platform in order a) to customise and categorise the information presented to users
  • How can the threat information posted to a platform be guaranteed to be from a particular source?

The main objectives of the studentship are:

  • To identify what can be done in order to analyse the impact of the threat information
  • To develop machine learning algorithms that could be new and/or adapted from existing algorithms. These will be evaluated in the context of information sharing platforms, and to evaluate them in the context of real information from different industry sectors
  • To develop machine learning and security techniques to improve the assessment of users’ trustworthiness within information sharing platforms.

The technical approach will focus initially on using machine learning techniques in the context of information to decide what information is most relevant to a user of a platform and also clustering information based on semantic content similarity in order to derive a clearer picture of the scope of the threat.

There is also scope in the studentship to pivot to investigate the scalability of registering users to access platforms via decentralisation, since users are not just people, they may be external data sources.

This studentship post is supported by the UK Government and it is in partnership with Surevine and BAE Systems Applied Intelligence.

Related links
Surrey Centre for Cyber Security

Eligibility criteria


  • Bachelor degree in computer science, having achieved a a first.
  • Interest in cyber security and machine learning
  • Programming experience (any language e.g Java, Python) and a good understanding of web, HTTP, and REST APIs with familiarity of JSON and Javascript
  • Analytical skills: knowledge of foundations of computer science; ability to think independently
  • Strong verbal and written communication skills, both in plain English and scientific language for publication in relevant journals and presentation at conferences.


  • Masters degree (UK equivalent of Merit classification or above)
  • Knowledge of cyber security and computer networks
  • Experience in machine learning
  • An understanding of different authentication mechanisms including OAuth 2.0.

This studentship is only open to UK citizens.

How to apply

To apply for this studentship, you will have to first apply to study our Computer Science PhD. During your application for the PhD mention this studentship to be considered.

Computer Science PhD

Contact details

Helen Treharne
12 BB 02
Telephone: +44 (0)1483 683161
E-mail: H.Treharne@surrey.ac.uk

Studentships at Surrey

We have a wide range of studentship opportunities available.