Game-theoretic approaches towards insider threat detection and mitigation

Project title: Game-theoretic approaches towards insider threat detection and mitigation

Director of Studies: Dr Maria Papadaki

Second Supervisor: Dr Matthew Craven

Project description

The importance of insider threats is routinely highlighted in cyber security surveys. Intel Security’s 2015 report identified insiders as responsible for 43 per cent of data leakage incidents, whereas Ponemon Institute’s 2016 report identified the risk from disgruntled or negligent employees during company acquisitions to be the most significant cyber crime risk during business innovation. Media attention on highly publicised incidents, such as Manning, Snowden, Target, and Nortel, has also served to highlight the issue. However, readiness to detect and mitigate insider threats often seems overlooked. The discovery timeline for insider and privilege misuse is more likely to be measured in months and years than in weeks or days.

Insider threat detection has concentrated on both technical and hybrid solutions. Detecting insider threats is not a purely technical problem. The human factor plays an important role, and recent research recognises this importance. Subfactors are personality traits, psychological and psychosocial data, as well as motivations and possible catalysts of insider events. However, insider threat detection remains a complex problem, with users continuing to exhibit conflicting agendas and interests.

The proposed research aims to explore the applicability and efficiency of Evolutionary Algorithms and other metaheuristics in the detection and mitigation of insiders. Game theory models decision-making and competing interactions between individuals with conflicting interests, incentives and strategies. Individuals behave according to given rules or tendencies inferred from data, and game theory enables prediction of likely attacks and the best strategies to defend against them. Rather than an analytical approach, the research proposes a probabilistic method based on Evolutionary Algorithms, which aims to produce highly accurate defence strategies and detect threats from the given data. The research will lead to the evaluation of a prototype system, using the CERT Insider Threat dataset, in order to deliver a practical measure of the resulting effectiveness.


Applicants should have a minimum of a first class or upper second class bachelor degree in computer science or a related subject. Applications from candidates with a relevant Masters qualification will be welcomed. Strong programming skills are required, and skills in machine learning, game theory and network security are also welcomed.


The studentship is supported for three years and includes full home/EU tuition fees plus a stipend of £14,553 per annum. The studentship will only fund those applicants who are eligible for home/EU fees with relevant qualifications. Applicants required to cover overseas fees will have to cover the difference between home/EU and overseas tuition fee rates (approximately £10,350 per annum). General information about applying for a research degree at the University is available at:

You can apply via the online application form which can be found at: and select ‘Apply’.

Please mark it FAO Mrs Carole Watson and clearly state that you are applying for a PhD studentship within the School of Computing, Electronics and Mathematics.

For more information on the admissions process contact Carole Watson.

Closing date for applications: 12 noon, 6 April 2018.

Shortlisted candidates will be invited for interview in April. We regret that we may not be able to respond to all applications. Applicants who have not received an offer of a place by 4 May 2018 should consider their application to have been unsuccessful on this occasion.