Rethinking Intrusion Detection with Advanced AI for Explainable, Robust and Cost-Aware Decisions

Project ID: 2531bd1649

(You will need this ID for your application)

Research Theme: Digital Security and Resilience

Research Area(s): information and communication technologies (ICT)

UCL Lead department: Computer Science

Lead Supervisor: Fabio Pierazzi

Project Summary:

This project will develop explainable AI techniques to enhance intrusion detection systems, focusing on building trust through transparent decision-making, confidence measures, and cost-efficient deployment of advanced AI models including Large Language Models (LLMs).

Why this research is important

Intrusion detection systems generate overwhelming volumes of alerts, leading to analyst fatigue and missed threats. While advanced AI technologies like LLMs offer powerful capabilities for analyzing security data, their opacity and computational costs create barriers to adoption. This research addresses the critical need for AI-based intrusion detection that security analysts can understand, trust, and deploy efficiently, bridging cutting-edge AI capabilities with practical security operations.

Who you will be working with

You’ll collaborate with Dr. Fabio Pierazzi, Prof. Lorenzo Cavallaro, and their teams along with international collaborators and industrial partners, submitting findings to top international venues such as S&P, CCS, USENIX Security, NDSS, AISec, SaTML, and RAID.

What you will be doing

You will develop and evaluate explainable AI methods for analyzing diverse security data including network traffic, system logs, and system call traces. You’ll investigate how LLMs and automated reasoning enhance threat detection while maintaining explainability, integrate cybersecurity domain knowledge into model design, develop confidence measures for automated assessments, and explore cost-efficient architectures. You may conduct user studies with security professionals to validate proposed methods. Application domains include network-based and host-based intrusion detection as well as malware analysis.

Who we are looking for

We seek candidates with a background in computer science or related fields, with strong knowledge in at least one area among systems security, machine learning, or explainable AI. Interest in intrusion detection, willingness to engage with security practitioners, and analytical problem-solving skills are essential. Motivation, curiosity, and commitment to developing trustworthy security solutions are key.