Adaptive Security by Design: Insights from A/Prof Uday Tupakula

What inspired or triggered this line of research—was it a real-world incident, a technology gap, or a collaboration with partners? 

The inspiration came from observing a critical disconnect between rapid deployment of emerging technologies like cloud computing, SDN, NFV, and B5G, and the security measures that remained largely reactive and static. Every year there has been an increase in the sophistication of attacks targeting critical infrastructure. Through collaborations with defence agencies and industry partners, it became clear that we needed security architectures that could adapt and evolve in real time, not just respond after an attack, but anticipate and prevent novel threats across diverse technological environments.

What exactly are you and your team developing, and how does it differ from or improve on current approaches in the field?

My team and I have developed adaptive security architectures for cloud, SDN, and B5G networks and demonstrated their usability for securing critical services such as healthcare and smart grids. Unlike conventional static approaches, our solutions are inherently adaptive and scalable, designed to evolve alongside emerging threats.

One key innovation addresses a fundamental weakness in current malware analysis: traditional tools generate behaviour reports that attackers can easily subvert, making them unreliable. To address this critical gap, we developed a robust Virtual Machine Introspection based dynamic analysis system that protects critical services against sophisticated ransomware attacks by providing tamper-resistant analysis that attackers cannot manipulate.

What obstacles have you and your team come across in your project?

We have encountered substantial challenges across multiple fronts. One of the major technical challenges has been developing security architectures for diverse environments such as cloud, SDN, NFV, and B5G networks, each with unique attack surfaces and performance requirements. For example, ensuring our adaptive security measures could respond to threats in 5G environments required dynamic placement of security functions to effectively deal with the attacks. Additionally, usability became a critical hurdle when designing security for critical infrastructures with legacy systems which often lack basic security features and flexibility needed for our adaptive approaches.

Looking ahead, what are the next steps or opportunities for this research, and how might ACS Members get involved?

The next steps for this research involve expanding into emerging areas such as AI-driven malware analysis, Intelligent Transport and securing Industry 5.0 technologies. ACS can play a crucial role by fostering collaborations with industry and government partners, ensuring these solutions are accessible and supportive of further cybersecurity research at the University of New England. Such partnerships will also help align our research outcomes with the evolving needs of the Australian cybersecurity community.

Through our Academic Spotlight series, we highlight pioneering research emerging from Australia’s universities. These projects tackle some of the most pressing challenges facing industry and society—whether safeguarding critical infrastructure, securing the next generation of networks, or building trust in emerging technologies. By sharing the stories behind this work, we connect the ACS community with the ideas, people, and innovations shaping the future of technology and its impact on industry.