Malware Vulnerabilities as a Heuristic for Layering Defence Mechanism in Detection Technology
Applications are now CLOSED
When uncovering vulnerabilities, we often think of finding flaws and reporting bugs in popular software or products. The goal of such endeavours is to discover security vulnerabilities and weaknesses before malicious actors do. Different companies create bug bounty programs to leverage the hacker community to improve their system's security over time continuously. However, there has been a limited effort in the opposite direction - finding flaws and vulnerabilities in malware payloads that stop them from spreading and infecting the system. Like benign applications, malware is also prone to flaws and vulnerabilities which can cause it to crash, stop execution or which can serve as backdoors for white hats to undo the damage or at the very least, buy precious time and give organizations breathing room to update their systems. A case in point is WannaCry, the biggest ransomware attack in history, which spread within days to more than 250,000 systems in 150 countries was stopped by registering a web domain found in the malware's code. Once the ransomware checked the URL and found that it was active, it was shut down – buying precious time and giving organizations breathing room to update their systems. Such vulnerabilities can often persist in malware and many of its variants for a long time across different target platforms. This project aims to build a system that uncovers exploitable flaws and defects in malicious software as a kill-switch approach.
Vulnerabilities are not exclusive to legitimate software[4,5]. Performing software quality assurance checks on malware has many benefits. The identified vulnerabilities can be classified according to MITRE's Common Weakness Enumeration list to get a more detailed definition and consequences of such vulnerabilities. Security vendors can leverage these vulnerabilities to develop different types of signatures to detect and prevent such malware attacks as a kill-switch approach. This research aims to investigate multiple prevalent malware families across a broad range to uncover vulnerabilities that could be exploited as part of the protection system. The research questions this project aims to answer are:
• RQ1 - What types of vulnerabilities exist in different malware families and types, and how prevalent are they?
• RQ2 - What are the overlaps and differences between vulnerabilities in legitimate software applications and malicious binaries?
• RQ3 - Can system infection be prevented or contained using weaknesses and vulnerabilities in the malware?
• RQ4 - Are malware flaws and vulnerabilities genuine, or are they escape mechanisms?
• RQ5 - Does identifying vulnerabilities in malware aid the malware detection and family classification problem?
The analysis will be performed on large-scale samples across several datasets that are representative of modern commodity malware and Advanced Persistent Threat (APT) malware that considers historical coherence and family information. The focus of the research will be on Windows as the dominant operating system in terms of popularity and the most frequently targeted by malware.
1. Finding the kill switch to stop the spread of ransomware https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0
2. Nirmal Singh & Uday Pratap Singh (2021), Bugs in Malware – Uncovering Vulnerabilities Found in Malware Payloads, Virus Bulletin, VB2021 localhost
3. Srivani Reddy (2022), Ransomware-as-a-Service First $50K Bounty Paid by Gang LockBit [https://cyberdaily.securelayer7.net/ransomware-as-a-service-first-50k-bounty-paid-by-gang-lockbit/]
4. Maria Henriquez (2021) Bugs in malware creating backdoors for security researchers [https://www.securitymagazine.com/articles/96348-bugs-in-malware-creating-backdoors-for-security-researchers]
5. Adam Bannister (2021) Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware [https://portswigger.net/daily-swig/introducing-malvuln-com-the-first-website-exclusively-dedicated-to-revealing-security-vulnerabilities-in-malware]
6. Ankit Anubhav (2019) Crash and Burn :: How to crash a Mirai C2 server & why it works. [https://www.ankitanubhav.info/post/crash]
7. Barr-Smith, F., Ugarte-Pedrero, X., Graziano, M., Spolaor, R. and Martinovic, I., 2021, May. Survivalism: Systematic analysis of windows malware living-off-the-land. In 2021 IEEE Symposium on Security and Privacy (SP) (pp. 1557-1574). IEEE.
*Please note that the deadline for applications from international candidates closed on 28 February*
This project is funded through the CSIT Doctoral Training Programme. The scholarships are fully funded, with an additional stipend for 42 months and an industrial top-up worth £30k per student. You will also benefit from the opportunity to be considered for a 1-to-3 months placement in industry with one of our partners, as well as enhanced training in leadership, professional skills and much more.
For full details on the funding/training package available, and candidate eligibility criteria, please visit https://www.qub.ac.uk/ecit/CSIT/Cyber-AIHub/
The minimum academic requirement for admission is normally an Upper Second Class Honours degree from a UK or ROI Higher Education provider in a relevant discipline, or an equivalent qualification acceptable to the University.
Full-time: 3.5 Years
Computer Science overview
The School of Electronics, Electrical Engineering and Computer Science (EEECS) aims to enhance the way we use technology in communication, data science, computing systems, cyber security, power electronics, intelligent control, and many related areas.
You’ll be part of a dynamic doctoral research environment and will study alongside students from over 40 countries world wide; we supervise students undertaking research in key areas of computer science, including: computing systems, artificial intelligence and cybersecurity. As part of a lively community of over 100 full-time and part-time research students you’ll have the opportunity to develop your research potential in a vibrant research community that prioritises the cross-fertilisation of ideas and innovation in the advancement of knowledge.
Within the School we have a number of specialist research centres including a Global Research Institute, the Institute of Electronics, Communications and Information Technology (ECIT) specialising in Cyber Security, Wireless Innovation and Data Science and scalable computing.
Many PhD studentships attract scholarships and top-up supplements. PhD programmes provide our students with the opportunity to acquire an extensive training in research techniques.
Computer Science Highlights
- ECIT brings together, in one building, internationally recognised research groups specialising in key areas of advanced digital and communications technology.
- Queen’s researchers have strong links with the local industry, which boasts a rich mix of local startups and multi-nationals. Belfast is the second fastest growing region in the UK in terms of Knowledge Economy activity (Northern Ireland Economy Report, 2018).
- CSIT brings together research specialists in complementary fields such as data security, network security systems, wireless-enabled security systems, intelligent surveillance systems; and serves as the national point of reference for knowledge transfer in these areas.
World Class Facilities
- The state-of-the-art £14m Computer Science Building and the Institute of Electronics, Communications and Information Technology offer bespoke research environments.
The Institute of Electronics, Communications and Information Technology (ECIT), with state-of-the-art technology, offers a bespoke research environment.
Internationally Renowned Experts
- You will be working under the supervision of leading international academic experts.
Research students are encouraged to play a full and active role in relation to the wide range of research activities undertaken within the School and there are many resources available including:
- A wide range of personal development and specialist training courses offered through the Personal Development Programme
- Access to the Queen's University Postgraduate Researcher Development Programme
- Office accommodation with access to computing facilities and support to attend conferences for full-time PhD students
To do a PhD was one of the most challenging but rewarding decisions I have taken. While having a PhD was helpful in the job market, the real benefit was in stretching my mind and deepening my thinking. This is proving particularly useful as I head up a new local R&D team which has to stay ahead of the game by exploiting the latest research.
R&D Team Leader, Mintel
Research within the School is organised into research themes combining strengths by working together on major projects, in many cases in collaboration with key technology companies.
ECIT brings together internationally recognised research groups specialising in key areas of advanced digital and communications technology.
PhD Opportunities are available in a wide range of computer science subjects, aligned to the specific expertise of our PhD supervisors.
Queen’s is a leader in commercial impact and one of the five highest performing universities in the UK for intellectual property commercialisation. We have created over 80 spin-out companies. Three of these -
Kainos, Andor Technology and Fusion Antibodies - have been publicly listed on the London Stock Exchange.
Queen’s has strong collaborative links with industry in Northern Ireland, and internationally. It has a strong funding track record with EPSRC and the EC H2020 programme.
The research profile produced by the 2014 UK Research Excellence Framework (REF) graded 80 per cent of our research activity as 'world-leading' or 'internationally excellent', confirming the School's reputation as an internationally-leading department.
For further information on career opportunities at PhD level please contact the Faculty of Engineering and Physical Sciences Student Recruitment Team on askEPS@qub.ac.uk. Our advisors - in consultation with the School - will be happy to provide further information on your research area, possible career prospects and your research application.
People teaching you
Course structureThere is no specific course content as such. You are expected to take research training modules that are supported by the School which focus on quantitative and qualitative research methods. You are also expected to carry out your research under the guidance of your supervisor.
Over the course of study you can attend postgraduate skills training organised by the Graduate School.
You will normally register, in the first instance, as an ‘undifferentiated PhD student’ which means that you have satisfied staff that you are capable of undertaking a research degree. The decision as to whether you should undertake a PhD is delayed until you have completed ‘differentiation’.
Differentiation takes place about 8-9 months after registration for full time students and about 16-18 months for part time students: You are normally asked to submit work to a panel of up two academics and this is followed up with a formal meeting with the ‘Differentiation Panel’. The Panel then make a judgement about your capacity to continue with your study. Sometimes students are advised to revise their research objectives or to consider submitting their work for an MPhil qualification rather than a doctoral qualification.
To complete with a doctoral qualification you will be required to submit a thesis of approx 80,000 words and you will be required to attend a viva voce [oral examination] with an external and internal examiner to defend your thesis.
A PhD programme runs for 3-4 years full-time or 6-8 years part-time. Students can apply for a writing up year should it be required.
The PhD is open to both full and part time candidates and is often a useful preparation for a career within academia or consultancy.
Full time students are often attracted to research degree programmes because they offer an opportunity to pursue in some depth an area of academic interest.
The part time research degree is an exciting option for professionals already working in the education field who are seeking to extend their knowledge on an issue of professional interest. Often part time candidates choose to research an area that is related to their professional responsibilities.
If you meet the Entry Requirements, the next step is to check whether we can supervise research in your chosen area. We only take students to whom we can offer expert research supervision from one of our academic staff. Therefore, your research question needs to engage with the research interests of one of our staff.
- Assessment processes for the Research Degree differ from taught degrees. Students will be expected to present write up their work at regular intervals to their supervisor who will provide written and oral feedback; a formal assessment process takes place annually.
This Annual Progress Review requires students to present their work in writing and orally to a panel of academics from within the School. Successful completion of this process will allow students to register for the next academic year.
The final assessment of the doctoral degree is both oral and written. Students will submit their thesis to an internal and external examining team who will review the written thesis before inviting the student to orally defend their work at a Viva Voce.
- Supervisors will offer feedback on the research work at regular intervals throughout the period of registration on the degree.
Full time PhD students will have access to a shared office space and access to a desk with personal computer and internet access.
The minimum academic requirement for admission to a research degree programme is normally an Upper Second Class Honours degree from a UK or ROI HE provider, or an equivalent qualification acceptable to the University. Further information can be obtained by contacting the School.
For information on international qualification equivalents, please check the specific information for your country.
English Language Requirements
Evidence of an IELTS* score of 6.0, with not less than 5.5 in any component or equivalent qualification acceptable to the University is required (*taken within the last 2 years).
International students wishing to apply to Queen's University Belfast (and for whom English is not their first language), must be able to demonstrate their proficiency in English in order to benefit fully from their course of study or research. Non-EEA nationals must also satisfy UK Visas and Immigration (UKVI) immigration requirements for English language for visa purposes.
For more information on English Language requirements for EEA and non-EEA nationals see: www.qub.ac.uk/EnglishLanguageReqs.
If you need to improve your English language skills before you enter this degree programme, INTO Queen's University Belfast offers a range of English language courses. These intensive and flexible courses are designed to improve your English ability for admission to this degree.
|Northern Ireland (NI) 1||£4,596|
|Republic of Ireland (ROI) 2||£4,596|
|England, Scotland or Wales (GB) 1||£4,596|
|EU Other 3||£23,850|
1 EU citizens in the EU Settlement Scheme, with settled or pre-settled status, are expected to be charged the NI or GB tuition fee based on where they are ordinarily resident, however this is provisional and subject to the publication of the Northern Ireland Assembly Student Fees Regulations. Students who are ROI nationals resident in GB are expected to be charged the GB fee, however this is provisional and subject to the publication of the Northern Ireland Assembly student fees Regulations.
2 It is expected that EU students who are ROI nationals resident in ROI will be eligible for NI tuition fees. The tuition fee set out above is provisional and subject to the publication of the Northern Ireland Assembly student fees Regulations.
3 EU Other students (excludes Republic of Ireland nationals living in GB, NI or ROI) are charged tuition fees in line with international fees.
All tuition fees quoted are for the academic year 2021-22, and relate to a single year of study unless stated otherwise. Tuition fees will be subject to an annual inflationary increase, unless explicitly stated otherwise.
More information on postgraduate tuition fees.
Computer Science costs
There are no specific additional course costs associated with this programme.
Additional course costs
Depending on the programme of study, there may also be other extra costs which are not covered by tuition fees, which students will need to consider when planning their studies . Students can borrow books and access online learning resources from any Queen's library. If students wish to purchase recommended texts, rather than borrow them from the University Library, prices per text can range from £30 to £100. Students should also budget between £30 to £100 per year for photocopying, memory sticks and printing charges. Students may wish to consider purchasing an electronic device; costs will vary depending on the specification of the model chosen. There are also additional charges for graduation ceremonies, and library fines. In undertaking a research project students may incur costs associated with transport and/or materials, and there will also be additional costs for printing and binding the thesis. There may also be individually tailored research project expenses and students should consult directly with the School for further information.
Some research programmes incur an additional annual charge on top of the tuition fees, often referred to as a bench fee. Bench fees are charged when a programme (or a specific project) incurs extra costs such as those involved with specialist laboratory or field work. If you are required to pay bench fees they will be detailed on your offer letter. If you have any questions about Bench Fees these should be raised with your School at the application stage. Please note that, if you are being funded you will need to ensure your sponsor is aware of and has agreed to fund these additional costs before accepting your place.
How do I fund my study?1.PhD Opportunities
Find PhD opportunities and funded studentships by subject area.2.Funded Doctoral Training Programmes
We offer numerous opportunities for funded doctoral study in a world-class research environment. Our centres and partnerships, aim to seek out and nurture outstanding postgraduate research students, and provide targeted training and skills development.3.PhD loans
The Government offers doctoral loans of up to £26,445 for PhDs and equivalent postgraduate research programmes for English- or Welsh-resident UK and EU students.4.International Scholarships
Information on Postgraduate Research scholarships for international students.
Funding and Scholarships
The Funding & Scholarship Finder helps prospective and current students find funding to help cover costs towards a whole range of study related expenses.
How to Apply
Apply using our online Postgraduate Applications Portal and follow the step-by-step instructions on how to apply.
Find a supervisor
If you're interested in a particular project, we suggest you contact the relevant academic before you apply, to introduce yourself and ask questions.
To find a potential supervisor aligned with your area of interest, or if you are unsure of who to contact, look through the staff profiles linked here.
You might be asked to provide a short outline of your proposal to help us identify potential supervisors.