
PhD Studentships: Towards Interpretable and Actionable Provenance-based Intrusion Reports

University of Bristol - Computer Science

Qualification Type: PhD
Location: Bristol
Funding for: UK Students
Funding amount: £22,000 + p.a. (subject to contracts)
Hours: Full Time
Placed On: 13th February 2019
Closes: 14th April 2019

The project:

Computer systems are vulnerable. Not a day goes by without news of another data leak or security breach. Computer systems are massive, complex, human-created systems — and they are inherently flawed — we don’t have the technology to build perfect systems. Therefore, we need to develop a mechanism to respond quickly and accurately to intrusions. Currently, there is much research focused on detecting intrusions, which is a good start, but once we detect an intrusion, the immediate question is, “What is the root cause of the intrusion? What kinds of information are involved in it? How do we fix it?” This is the problem we aim to address, through sophisticated visualisation of the system execution. Our goal is to transform intrusion detection systems and data into a visualisation that makes apparent the right action to take.

Information is only meaningful if it can be communicated effectively. While there is a growing security community exploring provenance-based intrusion detection, the impact on industry has been minimal. On the one hand, there is mounting evidence that capturing causality relationships in provenance graphs greatly improves on standard audit log formats; on the other hand, the average human is not efficient at interpreting large and complex graphs. The student's work will be vital in moving this body of work outside of the research community, by providing means to communicate the results effectively. We identify three main objectives:

  1. To study graph summarisation techniques to extract human-relevant information.
  2. To design effective communication vehicles targeted at well-defined audiences through graphical or textual means.
  3. To study ML techniques used in automated provenance-based forensics and intrusion detection, with the goal of identifying methods to build more interpretable models.

How to apply:

Prior to application if you are interested, please email ( with your CV and academic transcripts. The formal application process can then be discussed.

Please make an online application for this project at Please select < Computer Science > on the Programme Choice page and enter details of the studentship when prompted in the Funding and Research Details sections of the form with the name of the supervisor.

Candidate requirements: 

First class in Computer Science or a related subject.

Basic skills and knowledge in Systems and Security required.


Scholarship covers full UK PhD tuition fees and a tax-free stipend at the current NSCS rate (£22,000 in 2018/19) for 3.5 years.


Informal enquiries, please email Dr Thomas Pasquier,

General enquiries, please email
