Ko wai mātou? Who are we?
Te Roopu Owhiti - Cybersecurity Research Group are interested in improving the security of enterprise and home network security. The word
owhiti literally means to be alert, vigilant, watchful and on one’s guard. Our group has been working on cybersecurity problems since 2006 with our
first publication on honeypots.
Our current research builds upon recent advances in
artificial intelligence as well as our expertise in
qualitative research. Our colleagues in the
Software Programming Group work in the area of software security.
We have a particular expertise in the use of
honeypots and other deceptive technologies. Our software has been adopted by organisations such as
CERT.NL and
Mitre Corporation. A key idea of deceptive technologies is that attackers have to operate in a location under our control rather than the usual asymmetry between attackers and defenders. Our current research is applying artificial intelligence to improve the threat information we gain from honeypots and to drive responses to attacks.

Research group meeting in late 2023 with academics and postgraduate students
We apply artificial intelligence to
malware detection and collection. We believe in building our own datasets and have spent periods of four months or before collecting and curating behavioural traces of Windows ransomware. This is used in research that aims to automate tasks manually carried out by malware analysts.
We investigate
user behaviour and beliefs about security because it is important to build systems that are more secure. This work has involved phishing work and qualitative research with everyday users. Our goal is question whether users need to change or systems need to change to meet their needs.
Companies that we have work with include:
InPhySec,
TechTonics,
ZX Security and
Layer9 among others.
We also host outreach events for high school students and public events such as
https://security.ac.nz co-hosted with the New Zealand OWASP chapter.
If you are interested in our research areas and interests, please contact any of the staff whose interests match your own. For admission into Victoria University of Wellington's postgraduate programme, please refer to our section on
Postgraduate Study for details. The details for funding and other scholarship sources are also available there.
General inquiries please contact
Ian Welch,
Harith Al Sahaf or
Masood Mansoori.
Thesis Students
Staff
- Ian Welch (Associate Professor) - honeypots, malware and network security applications
- Harith Al-Sahaf (Senior Lecturer) - machine learning and security
- Arman Khouzani (Senior Lecturer)- information theory and privacy
- Masood Mansoori (Lecturer) - honeypots and networks security
- Lisa Patterson (Assistant Lecturer) - human behaviour and security
- Shabbir Abbasi (Software Engineering Programmer) - machine learning based malware analysis, detection, and classification
Alumni
PhD
Masters by research
Masters by coursework
- Lenz Bata - Finite State Automata Representation of Protocol Symbols from Network Traces (MCompSci)
- Amit Dhull - Use of Qualitative Analysis Techniques for the Design & Evaluation of Enterprise Security Architecture
- Fan Lu - Enforcing Ponder Policies using Kava (MCompSci)
- Ramez Rowhani - An Implementation of Intrusion Tolerant Replicated State Machine Service (MCompSci)
- Tujiao Li - Access Control For Web Services (MCompSci)
Honours reports
- Lewis Brook R. Powell - PECUS A Payment Mechanism Framework (2004)
- Alex Koudrin - Attestation and its Application to Distributed Systems (2004)
- Blayne Chard - Distributing Trust in Competitive Auctions (2005)
- Wayne Thomson - A STV Voter Verifiable Scheme (2005)
- Sebastian Kruger - Penalty Enforcement in Service Level Agreements: The GRIA Case Study (2007)
- Tu Nguyen - An Evaluation of Security Indicators in Internet Explorer 7 Against Phishing Attacks (2008)
- Sam Russell - Improving support for reverse engineering drive-by downloads (2010)
- Jan Von Mulert - Evaluating Client Honeypots using Metasploit (2010)
- Abdulelah AlShaiee - SackWatcher: Stack Overflow Attacks Detection System (2011)
- Waleed Alanazi - Implementing a Tool to Manipulate Dalvik byte Code; Dalvik Code Manipulator Tool (2012)
- Shadi Esnaashari - Determining Home Users’ Vulnerability to Universal Plug and Play (UPnP) Attacks (2012)
- Kathryn Cotterell - An Android Security Policy Enforcement Tool (2013)
- Leliel Trethowen - Security Visualisation Tools (2013)
- David Tredger - Fuzzing the General Packet Radio Service Tunnelling Protocol (2013)
- Micah Cinco - Zombie Beatdown: Automating the Discovery of Web Malware (2014)
- Jason Pather - Evaluating the Dangers of Telephony Metadata Collection (2014)
- Sriram Venkatesh - Cloud Key Management (2014)
- Jarrod Bakker - ACLSwitch: Enforcing a network-wide security policy using SDN (2015)
Karakia
We use the karakia in our meetings. There is an
excellent blog post on the context by Karatiana Taiuru. There Karakia are from Te Herenga Waka - Victoria University.
Karakia Timatanga or Whakamutunga (To open or close a meeting):
Audio:
opening-ending-karakia.mp3
Mauri oho
Mauri tū
Mauri ora ki a tātou
Haumi e, hui e, tāiki e!
Awaken the spirit
Engage the spirit
The spirit of life amongst us
Be united in purpose!
Karakia Whakamutunga (To close a meeting)
Audio:
audio (click ... and modify speed)
Unuhia, unuhia,
Unuhia ki te uru tapu nui
Kia wātea, kia māmā te ngākau,
te tinana, te wairua i te ara takatā
Koia rā e Rongo, whakairia ake ki runga
Kia tina! Tina! Hui e! Tāiki e!
Draw on, draw on,
Draw on the supreme sacredness
To clear, to free the heart,
the body and the spirit of mankind
Rongo, high above us
Draw together! Affirm!