Advanced Network Forensics for SDNFV Environments


  • Advanced Network Forensics for SDNFV Environments

Advanced Network Forensics for SDNFV Environments

Principal Supervisor: Prof. Sakir Sezer

+ Project Description

We live in an increasingly networked world. While this interconnection of systems can simplify our daily tasks such as banking, shopping, and working, it also exposes a volume of personal information that can be exploited for nefarious purposes. Data breach incidents are being reported by companies and organisations with greater frequency. Such incidents are predominantly orchestrated remotely relying on a network intrusion. As such, it is vital to analyse network events including network traffic, flow, and device logs to determine how an attack was carried out or how an event occurred on a network. Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) are emerging technologies in the fields of telecommunications and networking. In combination, SDNFV introduces a programmable, dynamic, and flexible network topology, which has the potential to alter how we approach network forensics. 

This research will investigate and derive forensics tools and remediation techniques for SDNs that exploit intelligence harvested from the network for resource management, network security, integrity and control.

+ Aims

The main aims of the proposed research are:    

  • To study state-of-the-art real-time traffic monitoring, analytics and forensics tools and algorithms and their suitability for SDNFV implementation.
  • To investigate various intrusion and anomaly detection algorithms and SDN-specific traffic properties such as communication types/patterns, applications etc. that can be used to detect and isolate abnormal behaviour and threats.
  • To study new methods for analysing SDNFV network usage and event extraction and correlation in a multi-tenant infrastructure with multiple SDN controllers.
  • To design and develop a forensics framework specific to SDNFV and exploiting the SDNFV architecture.

+ Academic Requirements

A minimum 2.1 honours degree or equivalent in Electrical and Electronic Engineering or relevant degree is required. 

This is a GCHQ-sponsored PhD studentship; therefore, only UK nationals are eligible for this funding.

GCHQ will be offering the student an opportunity to work more closely with them – e.g., via a short secondment or attendance at technical meetings. As such, the recipient of this studentship will have to be appropriately security cleared by GCHQ before they start their doctoral studies. 

+ General and Application Information

This GCHQ-sponsored PhD studentship provides funding for 3.5 years and commences on September 2017. It covers approved tuition fees and a maintenance grant of approx. £22,500 each year (tax-free). A further £5k of funding will also be available per annum for travel to conferences, collaborative partners, GCHQ visits, etc. 

Applicants should apply electronically through the Queen’s online application portal at:

Deadline for submission of applications is 31 May 2017.
(Early submission of applications is recommended)

+ Contact Details

Supervisor Name: Prof. Sakir Sezer     

Queens University of Belfast
School of EEECS
The Centre for Secure Information Technology (CSIT)
NI Science Park
Queens Road,



+44 (0)28 9097 1770