Layton, Robert (Dr)

Position Research Fellow  
Office Suite 8, Greenhill Enterprise Centre
Phone +61 3 5327 6213
Fax +61 3 5327 9289


  • Bachelor of Applied Computing (Mathematics) 2007 FedUni
  • Bachelor of Computing (Honours) 2008, FedUni, First Class
  • PhD 2012, FedUni

Background and research interests

Dr Robert Layton is a research fellow at the Internet Commerce Security Laboratory using advanced data analytics to measure and characterise cybercrime. His main research stream focuses on the task of determining if two cyber-attacks were performed by the same person. This often involves text mining, behavioural characterisation and analysing cyber-attacks. Application areas include phishing, social media, classic literature and malware.

Dr Layton was awarded FedUni's Young Alumni of the Year in 2014 and is Deputy Director of the Centre of Informatics and Applied Optimisation. He is a Google Summer of Code mentor for the scikit-learn project in 2014. Further, he has over $118,000 in grant income, as well as being part of a multi-institution team awarded $1.1million in funding from NeCTAR. Dr Layton was a visiting scholar of ANU's Crime, Policing, Security and Justice group in 2013.

Dr Layton is also responsible for the commercialisation and productisation at the Internet Commerce Security Laboratory, as well as being a member of the ICSL's Research Advisory Committee.

Professional memberships and associations

  • Australian Information Security Association (AISA)
  • Cybercrime and Trustworthy Computing Workshop - Organising committee
  • Malware Reverse Engineering Workshop - Organising committee
  • AusDM – Program committee

Teaching areas

Information security

Current research project/students

Malware attribution: looking to determine whether two pieces of malware share provenance by looking at features within unpacked malware.
Authorship Attribution: Using text mining, combined with Local n-gram models for the attribution of documents to an author.
Automating OSINT (techniques, limitations and preserving privacy): Looking at methods to link social profiles, characterising the limitations of such approaches, and detailing how people can safely use social media without leaking this information.
Cybercrime analytics: Measuring the impact, ability and problems associated with cybercrime.

Seeking students interested in any of the above projects.

Consulting and other activities

Red Marker: investigating blog posting for malicious financial advise.
Phishlabs: Characterising banking malware.


Layton, R., Watters, P. A., & Dazeley, R. (2013). Automated unsupervised authorship analysis using evidence accumulation clustering. Natural Language Engineering, 19(1), 95–120.

Layton, R., Perez, C., Birregah, B., Watters, P., & Lemercier, M. (2013). Indirect Information Linkage for OSINT through Authorship Analysis of Aliases. In Trends and Applications in Knowledge Discovery and Data Mining (pp. 36–46). Springer Berlin Heidelberg.

Layton, R., McCombie, S. & Watters, P. (2012) Authorship Attribution of IRC messages using Inverse Author Frequency. In Proceedings of the 3rd Cybercrime and Trustworthy Computing Workshop (CTC-2012), October 2012.

Other publications

External web links