Cyber Security, Networking and Applications Research Group (CNA)

Digital code

Our Cyber Security, Networking and Applications (CNA) research group has close strategic relationships with industry, professional bodies, law enforcement, government agencies and academia to deliver operationally focused applied information and application security research.

We have strong international links with professional organisations, including BCS, ISC2, OWASP, and NCSC ICS COI.

The group aims to develop advanced algorithms and models to address emerging cyber threats and vulnerabilities in applications, cybercrime and malware forensics, critical infrastructure and operational technology, Software-Defined Everything (SDx) and Infrastructure, and the security of Artificial Intelligence (AI).

We also aim to leverage AI and quantum computing technologies to enhance cyber security through innovative threat detection, mitigation, and response approaches.

Our objectives include creating robust training programs to empower cybersecurity professionals with the knowledge and skills to effectively utilise tools and techniques to safeguard networks, data, and infrastructure assets against evolving cyber risks.

Additionally, through interdisciplinary collaboration and cutting-edge research, we aim to contribute to advancing cybersecurity practices and infrastructure protection in the face of emerging threats.

Much of the group's research is applied/collaborative and includes links with industrial partners.

Our work is primarily focused on the research areas below:

Research areas

Andrew Moore, Muhammad Ali


  • Expand the body of knowledge on cybercrime and malware, studying their mechanisms, impacts, and trends.
  • Investigate advanced tools and methodologies for detecting, analysing, and neutralising malware and the forensic investigation of cybercrimes.
  • Enhance Cyber Resilience: Working towards strengthening the cybersecurity posture of organisations and individuals by providing insights into threat mitigation and prevention strategies.

Research and activities

  • Malware Analysis: Dissecting malware to understand its behaviour, origin, and impact. This involves reverse engineering malware samples, identifying their attack vectors, and understanding their communication protocols.
  • Cybercrime Investigation: Examining cybercrime incidents to trace back to the perpetrators, understanding their motives, methods, and the vulnerabilities they exploit.
  • Digital Forensics: Developing and applying techniques to recover and analyse digital evidence from various devices and networks, ensuring evidence is admissible in legal proceedings.
  • Threat Intelligence: Gathering and analysing data on current and emerging threats, enabling proactive defence strategies and informing stakeholders about potential risks.
  • Collaboration with Law Enforcement: Assisting law enforcement agencies with investigations and sharing expertise and tools to pursue and prosecute cybercriminals effectively.

Bernardi Pranggono, Hossein Abroshan, Charles Marrow, Nouman Nafees


  • Assess Threat Landscape: Investigate the evolving threat landscape facing critical infrastructure and operational technology (OT) systems, including cyber-physical attacks, nation-state threats, and vulnerabilities arising from interconnectedness.
  • Analyse Vulnerabilities: Identify and analyse vulnerabilities in critical infrastructure and OT systems, including legacy systems, supply chain dependencies, and human factors, to understand potential entry points for malicious actors.
  • Develop Resilience Frameworks: Design resilience frameworks tailored to critical infrastructure and OT environments, incorporating redundancy, diversity, and adaptive capabilities to withstand and recover from cyber-attacks.
  • Enhance Threat Detection and Response: Investigate advanced threat detection and response mechanisms, leveraging technologies such as anomaly detection, behavioural analytics, and AI-driven security orchestration to rapidly detect and mitigate cyber threats targeting critical infrastructure and OT systems.
  • Secure Industrial Control Systems (ICS): Explore strategies for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and distributed control systems (DCS), against cyber attacks and insider threats.
  • Implement Secure Communication Protocols: Develop and evaluate secure communication protocols and standards for critical infrastructure and OT systems, ensuring confidentiality, integrity, and data availability between devices and control centres.
  • Indicators of Compromise (IoCs) in OT: Develop comprehensive methodologies for identifying IoCs specific to OT environments. This includes understanding unique attack vectors, such as communication anomalies in SCADA systems, unexpected changes in PLC behaviour, and irregularities in network traffic patterns.

Erika Sanchez, Ronak Al-Haddad, James Kadirire


  • Identify emerging threats: Analyse current cyber threats and anticipate future challenges to network security, including advanced persistent threats (APTs), zero-day exploits and insider threats.
  • Assess existing security mechanisms: Evaluate the effectiveness of traditional network security approaches, such as firewalls, intrusion detection/prevention systems (IDS/IPS) and encryption protocols, in mitigating modern cyber risks.
  • Explore cutting-edge technologies: Investigate the potential of emerging technologies, such as artificial intelligence (AI), machine learning (ML), blockchain and quantum cryptography, in enhancing network security resilience and QoS.
  • Investigate Threat Intelligence: Explore using threat intelligence platforms and threat-hunting techniques to proactively identify and mitigate network security threats before they escalate.
  • Study human factors: Examine the role of human behaviour, including user awareness, training and insider threat detection, in shaping network security posture and vulnerabilities.
  • Evaluate security in IoT and Edge Computing: Assess the unique security challenges posed by the proliferation of Internet of Things (IoT) devices and edge computing environments and propose novel solutions to mitigate associated risks.
  • Explore the potential of using AI (ML/DL) in SDN Networks: Conventional SDN-based DDoS /slow DDoS mitigation often struggle with the detection and mitigation of sophisticated attacks due to their limited ability to analyse complex traffic patterns. Explore/evaluate the potential of using AI (machine learning (ML) and deep learning (DL)) using convolutional neural network (CNN), logistic regression (LR), random forest (RF), support vector machine (SVM) and k-nearest neighbour (KNN) models, amongst others.

Segun Popoola, Hossein Abroshan, Nouman Nafees


  • Deep learning for intelligent cyber security solutions: Developing novel algorithms to autonomously and efficiently detect cyber threats and attacks in Internet of Things (IoT)-enabled smart critical infrastructure.
  • Federated learning for privacy-preservation: Developing innovative methods to create intelligent systems that preserve user privacy by enabling decentralised data processing in distributed environments.
  • Adversarial machine learning: Developing novel techniques to understand and mitigate vulnerabilities in AI models by focusing on the generation and defence against malicious inputs designed to deceive AI systems.
  • AI security and safety: Developing the frameworks and strategies required to ensure that AI systems are secure and safe by addressing potential risks, bias, and ethical concerns.

Charles Marrow, Andrew Moore


  • Vulnerability Analysis: Conduct comprehensive vulnerability analysis of modern applications to identify common security weaknesses such as injection flaws, broken authentication, sensitive data exposure, and inadequate access controls.
  • Automated Security Testing: Develop and evaluate automated security testing tools and techniques, including static analysis, dynamic analysis, and interactive application security testing (IAST), to detect and remediate security vulnerabilities in software applications efficiently.
  • Secure Software Development Lifecycle (SDLC): Investigate methodologies and best practices for integrating security into the software development lifecycle, including secure coding standards, threat modelling, code review processes, and security-focused testing methodologies.
  • Container and Serverless Security: Explore security challenges and solutions specific to containerised and serverless application architectures, including container isolation, image security, runtime protection, and serverless function security.
  • Web Application Firewall (WAF) Efficacy: Evaluate the effectiveness of web application firewalls (WAFs) in mitigating common web application attacks, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), and propose enhancements to WAF technology.
  • API Security: Investigate security risks associated with application programming interfaces (APIs), including API authentication, authorization, encryption, and protection against API abuse, and propose strategies for securing APIs in distributed systems.
  • Threat Intelligence Integration: Explore approaches for integrating threat intelligence feeds and security information from external sources into application security workflows to enhance threat detection and response capabilities.
  • Compliance and Regulatory Alignment: Assess the alignment of application security practices with industry-specific regulations (e.g., GDPR, PCI DSS) and compliance frameworks (e.g., ISO 27001, OWASP ASVS) and propose methodologies for achieving and maintaining regulatory compliance.

Academic staff

Support staff

  • Edward (Ted) Deacon

PhD Researchers

Our current postgraduate research students and their projects include:

McLeod, D. Defeating DDoS Attacks through AI implementation and Network programmability. 1st supervisor: Erika Sanchez V.

Members of our research group have participated in the following projects and partnerships:

  • Secure, Privacy-Preserving, and Intelligent Intrusion Detection System for Industrial Internet of Things. Cyber security academic startup accelerator programme 2024-25: phase 1. Innovate UK.
  • OTRAND: An AI-powered solution to detect ransomware targeting OT networks. Cyber security academic startup accelerator programme 2024-25: phase 1 Innovate UK.
  • Development of an active learning lesson plan and laboratory materials for AI for Security (CyBOK 1.1). University of Bristol.
  • Identifying challenges and proposing solutions for sustainable CIT by reducing file storage on the cloud. ARU Sustainable Future.
  • Improving women’s employability through data-driven modelling-AI data science skill’s enrichment: A UK-Indonesia collaborative approach. British Council.
  • CyberSecDome. European Union’s Horizon 2022.
  • Harmonisation of digital forensics standards across all police forces in Europe. ECTEG.
  • Training & Cyber Security Demonstration Tool. UK Home Office Cyber Protect Law Enforcement.

Members of our research group have also organised the following:

  • Co-Chair for the ICPS Architectures and Engineering Technical Track, 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS 2024).
Read more about more projects.

  • Close collaboration with the ISC2 East Chapter
  • ISC2 Academic Peer-to-Peer Network Group
    • Professional Development Content Review subgroup
    • Forward looking Cybersecurity Education-Training subgroup
  • Open Web Application Security Project (OWASP) – Cambridge chapter
  • British Computing Society – Cybercrime Forensics
  • Cybercrime Forensics and BCS DevSecOps
  • Close working relationships with industry, professional bodies, law enforcement, government agencies and academia

Selected publications since 2018:

  • Imoize, A. L., Montlouis, W., Obaidat, M. S., Popoola, S. I., & Hammoudeh, M. (Eds.). (2024). Computational Modeling and Simulation of Advanced Wireless Communication Systems. CRC Press.
  • Kathleen Coates, S., Abroshan, H. (2023). Guideline for the Production of Digital Rights Management (DRM). International Journal of Security, Privacy and Trust Management (IJSPTM), 12(3/4).
  • Mouratidis, Haralambos; Islam, Shareeful; Santos-Olmo, Antonio; Sanchez, Luis E; Ismail, Umar Mukhtar (2023). Modelling language for cyber security incident handling for critical infrastructures. Anglia Ruskin Research Online (ARRO). Journal contribution.
  • Popoola, S. I., Imoize, A. L., Hammoudeh, M., Adebisi, B., Jogunola, O., & Aibinu, A. M. (2023). Federated Deep Learning for Intrusion Detection in Consumer-Centric Internet of Things. IEEE Transactions on Consumer Electronics. doi: 10.1109/TCE.2023.3347170.
  • Nafees, M.N., Saxena, N., Cardenas, A., Grijalva, S. and Burnap, P., 2023. Smart grid cyber-physical situational awareness of complex operational technology attacks: A review. ACM Computing Surveys, 55(10), pp.1-36.
  • Popoola, S. I., Ande, R., Adebisi, B., Gui, G., Hammoudeh, M., & Jogunola, O. (2022). Federated deep learning for zero-day botnet attack detection in IoT-edge devices. IEEE Internet of Things Journal, 9(5), 3930-3944.
  • Islam, Shareeful; Papastergiou, Spyridon; Silvestri, Stefano (2022). Cyber Threat Analysis Using Natural Language Processing for a Secure Healthcare System. Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Islam, Shareeful; Papastergiou, Spyridon; Kalogeraki, Eleni-Maria; Kioskli, Kitty (2022). Cyberattack Path Generation and Prioritisation for Securing Healthcare Systems. Anglia Ruskin Research Online (ARRO). Journal contribution.
  • Islam, Shareeful; Abba, Abdulrazaq; Ismail, Umar; Mouratidis, Haralambos; Papastergiou, Spyridon (2022). Vulnerability prediction for secure healthcare supply chain service delivery. Anglia Ruskin Research Online (ARRO). Journal contribution.
  • Qashou, Akram; Yousef, Sufian; Sanchez-Velazquez, Erika (2022). Mining sensor data in a smart environment: a study of control algorithms and microgrid testbed for temporal forecasting and patterns of failure. Anglia Ruskin Research Online (ARRO). Journal contribution.
  • Nafees, M.N., Saxena, N. and Burnap, P., 2022, October. On The Efficacy of Physics-Informed Context-Based Anomaly Detection for Power Systems. In 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) (pp. 374-379). IEEE.
  • Al-Haddad, Ronak (2023). A new framework based on Software Defined Networks to support Quality of Service in a sliced architecture. Anglia Ruskin Research Online (ARRO). Thesis.
  • Islam, Shareeful; Papastergiou, Spyridon; Mouratidis, Haralambos (2021). A Dynamic Cyber Security Situational Awareness Framework for Healthcare ICT Infrastructures. Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Al-Haddad, Ronak; Sanchez, Erika; Fatima, Arooj; Winckles, Adrian (2021). A Novel Traffic Shaping Algorithm for SDN-Sliced Networks using a New WFQ Technique. Anglia Ruskin Research Online (ARRO). Journal contribution.
  • Popoola, S. I., Adebisi, B., Hammoudeh, M., Gui, G., & Gacanin, H. (2021). Hybrid deep learning for botnet attack detection in the internet-of-things networks. IEEE Internet of Things Journal, 8(6), 4944-4956.
  • Popoola, S. I., Adebisi, B., Ande, R., Hammoudeh, M., Anoh, K., & Atayero, A. A. (2021). smote-drnn: A deep learning algorithm for botnet detection in the internet-of-things networks. Sensors, 21(9), 2985.
  • Popoola, S. I., Adebisi, B., Hammoudeh, M., Gacanin, H., & Gui, G. (2021). Stacked recurrent neural network for botnet detection in smart homes. Computers & Electrical Engineering, 92, 107039.
  • Popoola, S. I., Adebisi, B., Ande, R., Hammoudeh, M., & Atayero, A. A. (2021). Memory-efficient deep learning for botnet attack detection in IoT networks. Electronics, 10(9), 1104.
  • Popoola, S. I., Ande, R., Fatai, K. B., & Adebisi, B. (2021). Deep bidirectional gated recurrent unit for botnet detection in smart homes. Machine Learning and Data Mining for Emerging Trend in Cyber Dynamics: Theories and Applications, 29-55.
  • Abroshan, H., Devos, J., Poels, G. & Laermans, E. 2021. COVID-19 and Phishing: Effects of Human Emotions, Behavior, and Demographics on the Success of Phishing Attempts During the Pandemic. IEEE Access, 9, 121916-121929.
  • Abroshan, H., Devos, J., Poels, G. & Laermans E. 2021. Phishing happens beyond technology: The effects of human behaviours and demographics on each step of a phishing process. IEEE Access.
  • Abroshan, H. 2021. A hybrid encryption solution to improve cloud computing security using symmetric and asymmetric cryptography algorithms. International Journal of Advanced Computer Science and Applications, 12.
  • Nafees, M.N., Saxena, N. and Burnap, P., 2021, November. Optimized predictive control for AGC cyber resiliency. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 2450-2452).
  • Nafees, M.N., Saxena, N., Burnap, P. and Choi, B.J., 2020, October. Impact of energy consumption attacks on LoRaWAN-enabled devices in industrial context. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (pp. 2117-2119).
  • Adebowale, M., Lwin, K., Sanchez-Velazquez, E. and Hossain M.A., 2019. Intelligent Web-Phishing Detection and Protection Scheme using integrated Features of Images, Frames and Text. Journal of Expert Systems with Applications, [e-journal] 115, pp. 300 - 313. Available at:
  • Payne, Philip; Sanchez, Erika (2019). Comparison of Electric Wheelchair Control Systems in a Virtual Environment. Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Hazzaa, Firas; Yousef, Sufian; Sanchez, Erika; Cirstea, Marcian N. (2018). Lightweight and Low-Energy Encryption Scheme for Voice over Wireless Devices. Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Al-Haddad, Ronak; Sanchez, Erika (2018). A Survey of Quality of Service (QoS) Protocols and Software-Defined Networks (SDN). Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Al-Haddad, Ronak; Sanchez, Erika; Winckles, Adrian (2018). QoSVisor: QoS Framework for SDN. Anglia Ruskin Research Online (ARRO). Conference contribution.
  • Agborubere, Belema; Sanchez, Erika (2018). OpenFlow Communications and TLS Security in Software-Defined Networks. Anglia Ruskin Research Online (ARRO). Conference contribution.
Read more about more publiations.

Dr Erika Sanchez V (Interim Director, Cisco Academy Lead, contact for the group): [email protected]

Dr Shareeful Islam (Contact for external income generation): [email protected]

Dr Hossein Abroshan (Contact for industry links): [email protected]

Dr Cristina Luca (Contact for postgraduate research student enquiries): [email protected]