Fundamental or applied? Qualitative or quantitative? Experimental or merely observational? Most studies sit on all three scales at once -- and confusing observational data with an experiment is one of the most common mistakes in security research.
⚡ Quick Bite · 40s
Not all research is the same. The three independent scales every study sits on — Fundamental vs. Applied, Qualitative vs. Quantitative, and Experimental vs. Observational — and why control matters for proving causation.
Watch this 40-second summary before diving into the full article. Sign in to earn 5 leaderboard points.
A single study is almost always placed on more than one of the following scales at once. There's no rule that a project has to pick exactly one label.
Fundamental research is enquiry aimed at extending what is known, without a specific application in mind at the time. A new mathematical bound on how quickly an encryption scheme can be broken by brute force is fundamental research — its value lies in the knowledge itself.
Applied research is enquiry aimed at solving a specific, practical problem, usually by drawing on fundamental knowledge that already exists. Building a classifier that flags phishing URLs at a bank's mail gateway is applied research: it takes established learning theory and puts it to work on a live operational problem.
This isn't a ranking of one over the other. A field only advances when both kinds of work continue together. Fundamental research supplies the theory that applied work later tests against messy field data, and applied work routinely surfaces anomalies that send theorists back to their equations.
Qualitative research is concerned with meaning and context, usually recorded in words. Open interviews with SOC analysts about why they ignore certain alerts is qualitative work — the output is a set of themes, not a number.
Quantitative research is concerned with measurable quantities, analysed through statistics. Comparing the false-positive rate of two intrusion-detection rule sets on the same traffic capture is quantitative work.
Experimental research is enquiry where the investigator deliberately changes one condition while holding the rest fixed, to see its effect on an outcome. Running the same malware sample against three different sandbox configurations, and comparing what behaviour each one reveals, is experimental because the configuration is under the researcher's control.
Not every quantitative study is experimental, and this distinction trips people up constantly. Going back through three years of a CERT's incident records to look for a seasonal pattern in ransomware reports is quantitative — but it's observational: nothing in the data was manipulated. A causal claim needs an experimental design. Observational work can only show that two things move together, and it has to say so plainly rather than implying a causation it hasn't earned.
| Type | A question it suits |
|---|---|
| Fundamental | Can a bound be proved on how many attempts a key-search attack needs? |
| Applied | Can ransomware's file-encryption behaviour be flagged on an endpoint within three seconds? |
| Qualitative | Why do SOC analysts distrust automated alert triage? |
| Quantitative | By how much does a new feature improve detection accuracy? |
| Experimental | Does balancing a training dataset change the false-negative rate, everything else held fixed? |
Fundamental/applied and qualitative/quantitative are independent axes — a single study can land anywhere on this grid, not just at one label:
Distinguish fundamental from applied research using an example from your own coursework in malware analysis or cloud security. Which of the four research objectives from the previous topic does your example serve?
Sign in to mark this article as read and track your progress.