Cybersecurity research group portrait RGB r.jpg

Ko wai mātou? Who are we?

Te Roopu Owhiti - Cybersecurity Research Group are interested in improving the security of enterprise and home network security. The word owhiti literally means to be alert, vigilant, watchful and on one’s guard. Our group has been working on cybersecurity problems since 2006 with our first publication on honeypots.

Our current research builds upon recent advances in artificial intelligence as well as our expertise in qualitative research. Our colleagues in the Software Programming Group work in the area of software security.

We have a particular expertise in the use of honeypots and other deceptive technologies. Our software has been adopted by organisations such as CERT.NL and Mitre Corporation. A key idea of deceptive technologies is that attackers have to operate in a location under our control rather than the usual asymmetry between attackers and defenders. Our current research is applying artificial intelligence to improve the threat information we gain from honeypots and to drive responses to attacks.

41360 REC002 copy.jpg
Research group meeting in late 2023 with academics and postgraduate students

We apply artificial intelligence to malware detection and collection. We believe in building our own datasets and have spent periods of four months or before collecting and curating behavioural traces of Windows ransomware. This is used in research that aims to automate tasks manually carried out by malware analysts.

We investigate user behaviour and beliefs about security because it is important to build systems that are more secure. This work has involved phishing work and qualitative research with everyday users. Our goal is question whether users need to change or systems need to change to meet their needs.

Companies that we have work with include: InPhySec, TechTonics, ZX Security and Layer9 among others.

We also host outreach events for high school students and public events such as co-hosted with the New Zealand OWASP chapter.

If you are interested in our research areas and interests, please contact any of the staff whose interests match your own. For admission into Victoria University of Wellington's postgraduate programme, please refer to our section on Postgraduate Study for details. The details for funding and other scholarship sources are also available there.

General inquiries please contact Ian Welch, Harith Al Sahaf or Masood Mansoori.

Thesis Students


  • Ian Welch (Associate Professor) - honeypots, malware and network security applications
  • Harith Al-Sahaf (Senior Lecturer) - machine learning and security
  • Arman Khouzani (Senior Lecturer)- information theory and privacy
  • Masood Mansoori (Lecturer) - honeypots and networks security
  • Lisa Patterson (Assistant Lecturer) - human behaviour and security
  • Shabbir Abbasi (Software Engineering Programmer) - machine learning based malware analysis, detection, and classification



Masters by research

Masters by coursework

  • Lenz Bata - Finite State Automata Representation of Protocol Symbols from Network Traces (MCompSci)
  • Amit Dhull - Use of Qualitative Analysis Techniques for the Design & Evaluation of Enterprise Security Architecture
  • Fan Lu - Enforcing Ponder Policies using Kava (MCompSci)
  • Ramez Rowhani - An Implementation of Intrusion Tolerant Replicated State Machine Service (MCompSci)
  • Tujiao Li - Access Control For Web Services (MCompSci)

Honours reports

  • Lewis Brook R. Powell - PECUS A Payment Mechanism Framework (2004)
  • Alex Koudrin - Attestation and its Application to Distributed Systems (2004)
  • Blayne Chard - Distributing Trust in Competitive Auctions (2005)
  • Wayne Thomson - A STV Voter Verifiable Scheme (2005)
  • Sebastian Kruger - Penalty Enforcement in Service Level Agreements: The GRIA Case Study (2007)
  • Tu Nguyen - An Evaluation of Security Indicators in Internet Explorer 7 Against Phishing Attacks (2008)
  • Sam Russell - Improving support for reverse engineering drive-by downloads (2010)
  • Jan Von Mulert - Evaluating Client Honeypots using Metasploit (2010)
  • Abdulelah AlShaiee - SackWatcher: Stack Overflow Attacks Detection System (2011)
  • Waleed Alanazi - Implementing a Tool to Manipulate Dalvik byte Code; Dalvik Code Manipulator Tool (2012)
  • Shadi Esnaashari - Determining Home Users’ Vulnerability to Universal Plug and Play (UPnP) Attacks (2012)
  • Kathryn Cotterell - An Android Security Policy Enforcement Tool (2013)
  • Leliel Trethowen - Security Visualisation Tools (2013)
  • David Tredger - Fuzzing the General Packet Radio Service Tunnelling Protocol (2013)
  • Micah Cinco - Zombie Beatdown: Automating the Discovery of Web Malware (2014)
  • Jason Pather - Evaluating the Dangers of Telephony Metadata Collection (2014)
  • Sriram Venkatesh - Cloud Key Management (2014)
  • Jarrod Bakker - ACLSwitch: Enforcing a network-wide security policy using SDN (2015)


We use the karakia in our meetings. There is an excellent blog post on the context by Karatiana Taiuru. There Karakia are from Te Herenga Waka - Victoria University.

Karakia Timatanga or Whakamutunga (To open or close a meeting):

Audio: opening-ending-karakia.mp3

Mauri oho
Mauri tū
Mauri ora ki a tātou
Haumi e, hui e, tāiki e!

Awaken the spirit
Engage the spirit
The spirit of life amongst us
Be united in purpose!

Karakia Whakamutunga (To close a meeting)

Audio: audio (click ... and modify speed)

Unuhia, unuhia,
Unuhia ki te uru tapu nui
Kia wātea, kia māmā te ngākau,
te tinana, te wairua i te ara takatā
Koia rā e Rongo, whakairia ake ki runga
Kia tina! Tina! Hui e! Tāiki e!

Draw on, draw on,
Draw on the supreme sacredness
To clear, to free the heart,
the body and the spirit of mankind
Rongo, high above us
Draw together! Affirm!

Other information