Understanding the motivations behind cyberattacks
Wanrong Yang - a case study on intent
Wanrong Yang uses reinforcement learning and advanced algorithm techniques to identify the intentions behind cyberattacks based on attacker behaviour patterns. Understanding attacker motivations and targets enables organizations to implement targeted defence strategies, adapt their security measures dynamically, and build more resilient cybersecurity systems. This foundational PhD project will utilize existing attack simulator tools and build new attacker models for training and evaluation.
What I'm doing:
Every day, organizations worldwide face countless cyberattacks ranging from simple phishing attempts to sophisticated data breaches. Behind each attack lies a specific motivation—whether financial gain, espionage, disruption, or hacktivism. Understanding these motivations is crucial for effective defence, yet current security systems often focus solely on blocking attacks without comprehending the 'why' behind them. The challenge of my PhD is to develop intelligent systems that can infer attacker intentions from their behavioural patterns in real time. To achieve this, I will be employing cutting-edge reinforcement learning and advanced algorithm techniques to recognize patterns that correlate with different attacker motivations. These models will be trained and evaluated using existing attack simulator tools or self-built attacker models, which provide controlled environments to study various attack scenarios safely. By analysing sequences of actions, target selection, and attack methodologies, the system will learn to distinguish between attackers seeking financial gain, those conducting espionage, and other motivation categories.
The impact of this project:
By accurately identifying attacker intentions, organizations can transform their cybersecurity approach from reactive to strategic. For instance, if the system detects financially motivated attackers, defenders can immediately strengthen financial data protection and payment system monitoring. Similarly, identifying state-sponsored espionage attempts would trigger enhanced protection for intellectual property and sensitive research data. This targeted response capability not only improves defence effectiveness but also optimizes resource allocation, ensuring security teams focus their efforts where they matter most. Ultimately, this research aims to provide the cybersecurity community with actionable intelligence about attacker motivations, making our digital infrastructure more secure and resilient against evolving threats.