Dr Marco Cook

Research Associate (School of Computing Science)

email: Marco.Cook@glasgow.ac.uk

School of Computing Science, Sir Alwyn Williams Building

Import to contacts

https://orcid.org/0000-0002-5232-2381

Biography

I am a Research Associate within the School of Computing Science, and a member of the GLAsgow Systems Section (GLASS). My research focuses on the cyber security and resiliance of Critical National Infrastructure (CNI), giving particular attention to cyber-physical systems (CPS) and industrial technologies (e.g. Industrial Control Systems (ICS) and Programmable Logic Controllers (PLCs). Within the department, I am a member of the Netlab and Cyber Defence Lab groups.

I completed my PhD at the University of Glasgow in 2023, which was funded through an EPSRC iCASE studentship award, supported by the Defence Science and Technology Laboratory (Dstl) as the industrial partner. My PhD research explored anomaly detection and diagnosis for ICS, specifically in the context of digital forensics.

Research interests

Research Interests:

Cyber-Security
Industrial Control System (ICS) Security
Anomaly Detection
Digital Forensics
Security of Programmable Logic Controllers (PLCs)

Research groups

Netlab (Networked Systems Research Laboratory)
Glasgow Cyber Defence Lab

Publications

List by: Type | Date

Jump to: 2025 | 2024 | 2023 | 2022 | 2020 | 2017

Number of items: 14.

2025

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Network-Wide Service Deployment Using Centrally Orchestrated, eBPF-Based Programmable Dataplanes. In: 2025 EuCNC & 6G Summit, Poznan, Poland, 03-06 Jun 2025, (Accepted for Publication)

Chyzy, Jan, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) On the Cost of Asset Discovery Techniques for Industrial Control Systems. In: 8th IEEE Conference on Industrial Cyber-Physical Systems (ICPS), Emden, Germany, 12-15 May 2025, (Accepted for Publication)

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Artefact Provenance Graphs for Anomaly Inference in Industrial Control Systems. In: 40th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2025, Maribor, Slovenia, 21-23 May 2025, (Accepted for Publication)

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Li, Xicheng, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Programmable data planes for increased digital resilience in OT networks. IEEE Communications Magazine, (doi: 10.1109/MCOM.001.2400446) (Early Online Publication)

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Resilient Network Architecture with eBPF-based Programmability and Centralised Orchestration. In: IEEE International Conference on Computer Communications (INFOCOM 2025), London, UK, 19-22 May 2025, (Accepted for Publication)

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Deol, Bikram Singh ORCID: https://orcid.org/0009-0004-5675-7499, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios P. ORCID: https://orcid.org/0000-0003-0939-378X (2025) Dashboard Orchestration of eBPF-based Programmable OT Networks. In: IEEE International Conference on Computer Communications (INFOCOM 2025), London, UK, 19-22 May 2025, (Accepted for Publication)

2024

Nahalka, Martin, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2024) The Good, the Bad and the Ugly: Investigating the Effectiveness of Graph Deep Neural Networks for Anomaly Detection in Industrial Control Systems. In: IFIP International Internet of things (IoT) Conference, Nice, France, 6-8 November 2024, (Accepted for Publication)

Niu, Xianghao, Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2024) Examining the Suitability of Stream Ciphers for Modbus-TCP Encryption on Resource Constrained Devices. In: EuroSec '24, Athens, Greece, 22 Apr 2024, pp. 51-57. ISBN 9798400705427 (doi: 10.1145/3642974.3652287)

Feng, Kai, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 (2024) Sizzler: Sequential fuzzing in Ladder diagrams for vulnerability detection and discovery in Programmable Logic Controllers. IEEE Transactions on Information Forensics and Security, 19, pp. 1660-1671. (doi: 10.1109/TIFS.2023.3340615)

2023

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 and Pezaros, Dimitrios P. ORCID: https://orcid.org/0000-0003-0939-378X (2023) PLCPrint: fingerprinting memory attacks in programmable logic controllers. IEEE Transactions on Information Forensics and Security, (doi: 10.1109/TIFS.2023.3277688) (Early Online Publication)

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216, Johnson, Chris and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2023) A survey on industrial control system digital forensics: challenges, advances and future directions. IEEE Communications Surveys and Tutorials, (doi: 10.1109/COMST.2023.3264680) (Early Online Publication)

2022

Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Paterson, Cory, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2022) Anomaly Diagnosis in Cyber-Physical Systems. In: ICC 2022 - IEEE International Conference on Communications, Seoul, South Korea, 16-20 May 2022, ISBN 9781538683484 (doi: 10.1109/ICC45855.2022.9838968)

2020

Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Stavrou, Ioannis, Dimmock, Sarah and Johnson, Chris ORCID: https://orcid.org/0000-0002-1052-9851 (2020) Introducing a Forensics Data Type Taxonomy of Acquirable Artefacts From Programmable Logic Controllers. In: 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 15-19 Jun 2020, ISBN 9781728164281 (doi: 10.1109/CyberSecurity49315.2020.9138879)

2017

Johnson, Chris W. ORCID: https://orcid.org/0000-0002-1052-9851, Saleem, Mohammed Hashim, Evangelopoulou, Maria ORCID: https://orcid.org/0000-0002-6536-4708, Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Harkness, Rob and Barker, Tom (2017) Defending Against Firmware Cyber Attacks on Safety-Critical Systems. Proceedings 35th International System Safety Conference, Albuquerque, NM, USA, 21-25 Aug 2017.

This list was generated on Sun Jun 15 12:09:27 2025 BST.

Jump to: Articles | Conference or Workshop Item | Conference Proceedings

Number of items: 14.

Articles

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Li, Xicheng, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Programmable data planes for increased digital resilience in OT networks. IEEE Communications Magazine, (doi: 10.1109/MCOM.001.2400446) (Early Online Publication)

Feng, Kai, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 (2024) Sizzler: Sequential fuzzing in Ladder diagrams for vulnerability detection and discovery in Programmable Logic Controllers. IEEE Transactions on Information Forensics and Security, 19, pp. 1660-1671. (doi: 10.1109/TIFS.2023.3340615)

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 and Pezaros, Dimitrios P. ORCID: https://orcid.org/0000-0003-0939-378X (2023) PLCPrint: fingerprinting memory attacks in programmable logic controllers. IEEE Transactions on Information Forensics and Security, (doi: 10.1109/TIFS.2023.3277688) (Early Online Publication)

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216, Johnson, Chris and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2023) A survey on industrial control system digital forensics: challenges, advances and future directions. IEEE Communications Surveys and Tutorials, (doi: 10.1109/COMST.2023.3264680) (Early Online Publication)

Conference or Workshop Item

Johnson, Chris W. ORCID: https://orcid.org/0000-0002-1052-9851, Saleem, Mohammed Hashim, Evangelopoulou, Maria ORCID: https://orcid.org/0000-0002-6536-4708, Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Harkness, Rob and Barker, Tom (2017) Defending Against Firmware Cyber Attacks on Safety-Critical Systems. Proceedings 35th International System Safety Conference, Albuquerque, NM, USA, 21-25 Aug 2017.

Conference Proceedings

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Network-Wide Service Deployment Using Centrally Orchestrated, eBPF-Based Programmable Dataplanes. In: 2025 EuCNC & 6G Summit, Poznan, Poland, 03-06 Jun 2025, (Accepted for Publication)

Chyzy, Jan, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) On the Cost of Asset Discovery Techniques for Industrial Control Systems. In: 8th IEEE Conference on Industrial Cyber-Physical Systems (ICPS), Emden, Germany, 12-15 May 2025, (Accepted for Publication)

Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Artefact Provenance Graphs for Anomaly Inference in Industrial Control Systems. In: 40th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2025, Maribor, Slovenia, 21-23 May 2025, (Accepted for Publication)

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2025) Resilient Network Architecture with eBPF-based Programmability and Centralised Orchestration. In: IEEE International Conference on Computer Communications (INFOCOM 2025), London, UK, 19-22 May 2025, (Accepted for Publication)

Holik, Filip, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381, Deol, Bikram Singh ORCID: https://orcid.org/0009-0004-5675-7499, Shah, Awais Aziz ORCID: https://orcid.org/0000-0002-1656-739X and Pezaros, Dimitrios P. ORCID: https://orcid.org/0000-0003-0939-378X (2025) Dashboard Orchestration of eBPF-based Programmable OT Networks. In: IEEE International Conference on Computer Communications (INFOCOM 2025), London, UK, 19-22 May 2025, (Accepted for Publication)

Nahalka, Martin, Cook, Marco M. ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2024) The Good, the Bad and the Ugly: Investigating the Effectiveness of Graph Deep Neural Networks for Anomaly Detection in Industrial Control Systems. In: IFIP International Internet of things (IoT) Conference, Nice, France, 6-8 November 2024, (Accepted for Publication)

Niu, Xianghao, Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2024) Examining the Suitability of Stream Ciphers for Modbus-TCP Encryption on Resource Constrained Devices. In: EuroSec '24, Athens, Greece, 22 Apr 2024, pp. 51-57. ISBN 9798400705427 (doi: 10.1145/3642974.3652287)

Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Paterson, Cory, Marnerides, Angelos K. ORCID: https://orcid.org/0000-0002-7996-6216 and Pezaros, Dimitrios ORCID: https://orcid.org/0000-0003-0939-378X (2022) Anomaly Diagnosis in Cyber-Physical Systems. In: ICC 2022 - IEEE International Conference on Communications, Seoul, South Korea, 16-20 May 2022, ISBN 9781538683484 (doi: 10.1109/ICC45855.2022.9838968)

Cook, Marco ORCID: https://orcid.org/0000-0002-5232-2381, Stavrou, Ioannis, Dimmock, Sarah and Johnson, Chris ORCID: https://orcid.org/0000-0002-1052-9851 (2020) Introducing a Forensics Data Type Taxonomy of Acquirable Artefacts From Programmable Logic Controllers. In: 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 15-19 Jun 2020, ISBN 9781728164281 (doi: 10.1109/CyberSecurity49315.2020.9138879)

This list was generated on Sun Jun 15 12:09:27 2025 BST.

Supervision

Nahalka, Martin
Machine-learning based cyber resilience for the CNI