School of Engineering and Computer Science

Ko wai mātou? Who are we?

Te Roopu Owhiti - Cybersecurity Research Group are interested in improving the security of enterprise and home network security. The word owhiti literally means to be alert, vigilant, watchful and on one’s guard. Our group has been working on cybersecurity problems since 2006 with our first publication on honeypots.

Our current research builds upon recent advances in artificial intelligence as well as our expertise in qualitative research. Our colleagues in the Software Programming Group work in the area of software security.

We have a particular expertise in the use of honeypots and other deceptive technologies. Our software has been adopted by organisations such as CERT.NL and Mitre Corporation. A key idea of deceptive technologies is that attackers have to operate in a location under our control rather than the usual asymmetry between attackers and defenders. Our current research is applying artificial intelligence to improve the threat information we gain from honeypots and to drive responses to attacks.

We apply artificial intelligence to malware detection and collection. We believe in building our own datasets and have spent periods of four months or before collecting and curating behavioural traces of Windows ransomware. This is used in research that aims to automate tasks manually carried out by malware analysts.

We investigate user behaviour and beliefs about security because it is important to build systems that are more secure. This work has involved phishing work and qualitative research with everyday users. Our goal is question whether users need to change or systems need to change to meet their needs.

Companies that we have work with include: InPhySec, TechTonics, ZX Security and Layer9 among others.

We also host outreach events for high school students and public events such as https://security.ac.nz co-hosted with the New Zealand OWASP chapter.

If you are interested in our research areas and interests, please contact any of the staff whose interests match your own. For admission into Victoria University of Wellington's postgraduate programme, please refer to our section on Postgraduate Study for details. The details for funding and other scholarship sources are also available there.

General inquiries please contact Ian Welch, Arman Khouzani, Lisa Patterson or Shabbir Abbasi.

Thesis Students

• Abdullah Mamun - AI-powered detection of APT attacks (PhD)
• Dedy Hendro - Explainable AI for Cybersecurity (PhD)
• Lisa Patterson - Privacy and Security for the Everyday Home User (PhD)
• Maryam Var Naseri - AI-powered autonomic honeypots (PhD)

Staff

• Ian Welch (Associate Professor) - honeypots, malware and network security applications
• Harith Al-Sahaf (Honorary Research Associate) - machine learning and security
• Arman Khouzani (Senior Lecturer)- information theory and privacy
• Lisa Patterson (Assistant Lecturer) - human behaviour and security
• Shabbir Abbasi (Cybersecurity Programmer) - machine learning based malware analysis, detection, and classification

Alumni

Staff

• Masood Mansoori (Lecturer) - honeypots and networks security

PhD

• Mohammed Al Shaboti - Optimisation of IoT Policies (PhD)
• Shabbir Abbasi - Ransomware detection using Machine Learning (PhD)
• Juaid Haseeb - Deception-Based Security Framework for IoT: An Empirical Study (PhD)
• Masood Mansoori - Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks (PhD)
• Abigail Koay - Detection of Low Intensity Distributed Denial of Service Attacks (PhD)
• Ferry Hendrix - GRAFT: A Distributed Recommendation Framework
• Van Lam Le - Applying AI to Client Honeypot Systems (PhD)
• Benjamin Palmer - Anonymous verifiable reseller transactions (PhD)
• Christian Seifert - Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots (PhD)

Masters by research

• Jay Nowitz - A Modern Perspective on Phishing: An investigation into susceptibility to phishing attacks between mobile and desktop email clients (ME)
• Kaishuo Yang -- Reverse Engineering of an Obfuscated Binary (ME)
• Ryan Chard -- Reputation Description and Interpretation (ME)
• Matthew Stevens - Applying Formal Modelling to the Specification and Testing of SDN Network Functionality (ME)
• Hugh Davenport - Implementing a Framework for Verifying Reseller Transactions (ME)
• Shadi Esnaashari - Invisible Barriers: Identifying restrictions affecting New Zealanders' access to the Internet link (MSc)
• Benjamin Palmer - Verifying Anonymous Auctions (MSc)
• Dean Pemberton - An Empirical Study of Internet Background Radiation Arrival Density and Network Telescope Sampling Strategies (MSc)
• Paul Radford - An Architecture for Managing Security Alerts (MSc)
• Wayne Thomson - GAF: A General Auction Framework for Secure Combinatorial Auctions link (MSc)
• Pacharawit Topark-Ngarm - Mobile Client Honeypots (MSc)
• David Stirling - Enhancing Client Honeypots with Grid Services and Workflows (MSc)

Masters by coursework

• Lenz Bata - Finite State Automata Representation of Protocol Symbols from Network Traces (MCompSci)
• Amit Dhull - Use of Qualitative Analysis Techniques for the Design & Evaluation of Enterprise Security Architecture
• Fan Lu - Enforcing Ponder Policies using Kava (MCompSci)
• Ramez Rowhani - An Implementation of Intrusion Tolerant Replicated State Machine Service (MCompSci)
• Tujiao Li - Access Control For Web Services (MCompSci)

Honours reports

• Lewis Brook R. Powell - PECUS A Payment Mechanism Framework (2004)
• Alex Koudrin - Attestation and its Application to Distributed Systems (2004)
• Blayne Chard - Distributing Trust in Competitive Auctions (2005)
• Wayne Thomson - A STV Voter Verifiable Scheme (2005)
• Sebastian Kruger - Penalty Enforcement in Service Level Agreements: The GRIA Case Study (2007)
• Tu Nguyen - An Evaluation of Security Indicators in Internet Explorer 7 Against Phishing Attacks (2008)
• Sam Russell - Improving support for reverse engineering drive-by downloads (2010)
• Jan Von Mulert - Evaluating Client Honeypots using Metasploit (2010)
• Abdulelah AlShaiee - SackWatcher: Stack Overflow Attacks Detection System (2011)
• Waleed Alanazi - Implementing a Tool to Manipulate Dalvik byte Code; Dalvik Code Manipulator Tool (2012)
• Shadi Esnaashari - Determining Home Users’ Vulnerability to Universal Plug and Play (UPnP) Attacks (2012)
• Kathryn Cotterell - An Android Security Policy Enforcement Tool (2013)
• Leliel Trethowen - Security Visualisation Tools (2013)
• David Tredger - Fuzzing the General Packet Radio Service Tunnelling Protocol (2013)
• Micah Cinco - Zombie Beatdown: Automating the Discovery of Web Malware (2014)
• Jason Pather - Evaluating the Dangers of Telephony Metadata Collection (2014)
• Sriram Venkatesh - Cloud Key Management (2014)
• Jarrod Bakker - ACLSwitch: Enforcing a network-wide security policy using SDN (2015)

Other information

• Internal lab wiki

• Group gitlab repository