Information Security Research Group

The Information Security Research Group (ISRG) was formally created in 2000 with a vision to perform distinctive world-leading research, consultancy and teaching in the areas of computer forensics and computer network defense.

Group Strategy

The field of Cyber Security is recognized as a major issue for today’s society and economy. In particular, the strategic defense and security review recognised cyber attack as a tier one threat to the economic well-being of the UK. The recent cyber security strategy document defined the following objectives:

  • The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace;
  • The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.

Since its creation, the ISRG has developed close working strategic relationships with industry, government agencies and academia in the delivery of operationally focused applied information security research (Figure 1). The engagement with industry has ensured that the applied nature of the research conducted by the ISRG is directly relevant to the needs of industry and wealth creation. In addition, this symbiotic relationship with industry also ensures that the BSc/MSc teaching awards delivered by the University of South Wales directly address the needs of industry and result in employment opportunities for our graduates.

Figure 1 – Research Focus and Interaction

The research vision and strategy for Information Security research focus on the operational area and the interplay between Situational Awareness, Computer Network Defence, Computer Forensics and Vulnerability Development, and in particular on the creation of a single integrated approach to computer network defense and computer forensics via the development of tools and techniques that support information sharing.

The aim of the research group is to undertake research primarily in the following areas:

  • Network Security, Intrusion Detection and Wireless Security
  • Penetration Testing and Vulnerability Assessment
  • Computer Forensics and Digital Evidence Visualisation
  • Threat Assessment and Risk Management

The objectives of the group are:

  • To investigate the nature of threats posed to information systems by various agents, and to understand the potential impact of a successful attack;
  • To create cyber-based early warning systems capable of detecting and responding to network-based attacks targeted at an organization’s information infrastructure;
  • To investigate issues relating to open source forensic analysis tools and techniques, and to analyse the concepts relating to data sharing and evidence visualization;
  • To develop tools and techniques that will allow us to assess, mitigate and manage vulnerabilities in an open heterogeneous distributed networked environment;
  • To examine the issues surrounding the development and deployment of secure wireless mobile networked computer devices.

Research Infrastructure

The Information Security Research Group has a strong and well-established theme in the areas of network security, computer forensics and threat analysis. The group focuses on the issues associated with the design and development of early warning systems that are capable of detecting and responding to a variety of cyber-based attacks, and on the issues associated with the field of computer forensics. In particular, we are developing technologies such as secure XML, threat assessment methods, vulnerability management, IDS data integration, data mining and data fusion, secure wireless mobile computing applications etc.

The group maintains two specialised research labs: the Network Security Research Lab (NSRL) and the Computer Forensics Research Lab (CFRL).

The NSRL contains, among other infrastructure, an isolated network that simulates the Internet and various wireless network environments, where experiments concerning new threats are conducted on a regular basis. Furthermore, a state-of-the-art intrusion detection system (IDS) is used for monitoring the infrastructure of the university, gathering threat data that is used in the various research projects of the group. A local computer cloud is used to perform password and encrypted file analysis (e.g. implementing “brute force” attacks against password files of all kinds of operating systems). The computer cloud is also being used for the development of a new generation of intrusion detection systems.

The CFRL is a restricted access lab used for analysing computer files in a manner that makes the information gained presentable as evidence in a court. Methods and tools are developed that, in an evidentially sound manner, extract information from the information system to address problems that are currently being encountered in the forensic process. The group offers commercial services to organisations such as the Police and other public and private bodies. A number of forensic servers are used, running various computer forensic tools for retrieving and analysing files and systems.

Research-led Teaching

The Information Security Research Group has also been responsible for the inception, validation and running of the following programmes:


* BSc (Hons) Computer Forensics
* BSc (Hons) Computer Security
* BSc (Hons) Applied Cyber Security


* MSc Computer Forensics
* MSc Computer Systems Security
* MSc Cyber Security