Fwd: Postdoc Opportunity at Cambridge

7 views
Skip to first unread message

Gemma Galdon Clavell

unread,
Oct 12, 2013, 8:44:17 AM10/12/13
to


---------- Forwarded message ----------
From: David Murakami Wood <d...@queensu.ca>
Date: Sat, Oct 12, 2013 at 5:48 AM
Subject: Postdoc Opportunity at Cambridge
To: SURVEI...@jiscmail.ac.uk


Research Associate in Economics of Cybercrime (Fixed Term)

http://www.jobs.cam.ac.uk/job/2209/ 

Fixed-term: The funds for this post are available for the period 1st January 2014 to 31st December 2015.

A post-doctoral Research Associate position is available in the Computer Laboratory at the University of Cambridge to work on the project "Understanding and Disrupting the Economics of Cybercrime", on which we are collaborating with Carnegie Mellon University and the Southern Methodist University.

This is a very broad field and we have an open mind about what topic should be tackled. We give some examples of possible approaches below, but we would be happy to see the appointee work on another relevant topic within this general field.

We have access to various large-scale sources of data relating to cybercrime - email spam, malware samples, DNS traffic, phishing URL feeds - and some or all of this data could be used in this research. We would expect the main output of this work to be research papers at world-class venues such as Oakland, CCS and WEIS, or the equivalent in other fields.

Example topics:

  • Victim analysis - around 20% of people report that they have had an email or social networking account taken over in the past year, with the typical experience being that their friends received some spam. Is this victimisation random, or do some types of behaviour make you more vulnerable. Do the victims understand what happened and why? Have they changed their behaviour?

  • Malware analysis - malware is often adapted on a daily basis to evade detection or to fix bugs - and may be dynamically generated so that every copy is different. How can we efficiently track what is going on without drowning in hash values - and what does this tracking tell us?

  • Spam data mining - can actionable data be extracted from a firehose of email that users report as spam? Existing systems produce streams of URLs that others might block - but isn't there much more to be learnt about the patterns of criminality?

  • Data visualisation - there already exist programs to assist analysts in keeping track of investigation data while they track down criminals. Domains are resolved at the click of a mouse, whos data is fetched, and hosting arrangements determined. But how should such programs operate and display their results in a world of big data when dispatching a map/reduce query will result in thousands or millions of responses?

  • Measuring attacks - estimates for the size of botnets or the volume of a spam run are often little more than educated guesses. Can DNS data be used to improve our measurements? Can existing statistical techniques for analysing sinkhole data be improved?

  • Getting security issues addressed at scale - given a list of millions of compromised systems, how can we best ensure that the owners of these systems get them cleaned up? At various times the community has tried notification systems, working through intermediaries and name-and-shame approaches. Few of them work particularly well, so what should we be doing in the future and can we prove, experimentally, that it works?

  • Data sharing - what are real barriers that prevent organisations from sharing security relevant data? Is the invocation of "privacy" or "data protection" or "the lawyers" based on real experience, or just a convenient way of doing nothing and having a quiet life? What is the real cost/benefit of revealing what an organisation has recorded about ecrime events?

There are many more possible topics; these are just examples.

Informal enquiries should be directed to Richard Clayton (rnc1 AT cl.cam.ac.uk) or Ross Anderson (rja14 AT cl.cam.ac.uk).

The successful candidate will have a PhD in a relevant discipline, not necessarily computer science, and a strong track record in the form of previous projects and/or publications in their field. Good knowledge of English and communication skills are important.

Applications should include:

(1) A topic proposal setting out how this opportunity is to be approached. This document is absolutely key to the appointments process. Detailed essays are not required -- the successful proposal is unlikely to exceed two sides of A4 paper.

(2) Additionally, send a covering letter including a detailed description of relevant experience; a full Curriculum Vitae (resume); a completed form CHRIS6: http://www.admin.cam.ac.uk/offices/hr/forms/chris6/ (parts 1 and 3 only); and the names and e-mail addresses of three referees.

Applications should be sent, preferably by email, to personn...@cl.cam.ac.uk with a copy to rn...@cl.cam.ac.uk. Postal Address: Personnel Admin, University of Cambridge, Computer Laboratory, 15 JJ Thomson Avenue, Cambridge, CB3 0FD.

The closing date is Friday 8th November 2013.

Please quote reference NR01868 on your application and in any correspondence about this vacancy.

The University values diversity and is committed to equality of opportunity.

The University has a responsibility to ensure that all employees are eligible to live and work in the UK.

**************************************************** This is a message from the SURVEILLANCE listserv for research and teaching in surveillance studies. To unsubscribe, please send the following message to : UNSUBSCRIBE SURVEILLANCE For further help, please visit: http://www.jiscmail.ac.uk/help ****************************************************

Reply all
Reply to author
Forward
0 new messages