Mr Simon Bell

Supervised by

Personal profile

Simon Bell specialises in empirical, data-driven research to investigate cyber attacks. His studies include measuring phishing and malware attacks on Twitter, blacklist characterisation, the impact of blacklist delays on user security, web browser phishing detection capabilities, SSH honeypots, and malware analysis.


Simon's PhD thesis explores how well-protected Twitter users are from phishing and malware attacks. Taking an empirical, data-driven approach, his thesis investigates the effectiveness of Twitter’s cybercrime defence system at time-of-tweet and time-of-click. Simon created Phishalytics: a measurement infrastructure that collects and analyses large-scale data sets. Data feeds include Twitter’s Stream API, Bitly’s Clicks API, and 3 popular blacklists: Google Safe Browsing, PhishTank, and OpenPhish.

Simon's PhD thesis contributes to improving internet measurement studies by addressing soundness and limitations of existing work. Research output includes characterising URL blacklists, investigating blacklist delays, and examining Twitter’s URL shortener ( His thesis aims to better enable policymakers, technology designers, and researchers to strengthen online user security.

Find out more about Simon's PhD thesis and measurement infrastructure at

Secure Honey

Prior to starting his PhD, Simon graduated from the University of Sussex with a First Class Honours Degree (BSc) in Computer Science. His final year project involved creating an SSH honeypot in C, deploying the honeypot to Amazon Web Services (AWS), and analysing various types of malware. The project was awarded the British Computing Society's (BCS) Best Final Year Project Prize. The project's blog featured in numerous popular security news websites including Ars Technica, The Register, PC World, and SC Magazine.

Find out more at


Connect with Simon at

Research interests

  • Phishing and malware measurement studies
  • Cybercrime on online social media (OSM)
  • Blacklists (including characterisation, temporal aspects, etc)
  • Phishing detection (including machine learning, URL analysis, psychology of social engineering, etc)
  • Web security (including web applications, network security, etc)
  • Honeypots
  • Malware analysis


Simon teaches on the university's distance learning MSc in Information Security, modules:

  • Network Security -- Module Lead
  • Computer Security -- Tutor
  • Security Management -- Tutor

View all (4) »

View all (11) »

View all (2) »

ID: 22888970