Skip to main content

Research Repository

Advanced Search

Browse


Longitudinal risk-based security assessment of docker software container images (2023)
Journal Article
Mills, A., White, J., & Legg, P. (in press). Longitudinal risk-based security assessment of docker software container images. Computers and Security,

As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been v... Read More about Longitudinal risk-based security assessment of docker software container images.

Federated learning: Data privacy and cyber security in edge-based machine learning (2023)
Book Chapter
White, J., & Legg, P. (2023). Federated learning: Data privacy and cyber security in edge-based machine learning. In C. Hewage, Y. Rahulamathavan, & D. Ratnayake (Eds.), Data Protection in a Post-Pandemic Society (DPPPS) – Best Practices, Laws, Regulations, and Recent Solutions. Springer. https://doi.org/10.1007/978-3-031-34006-2

Machine learning is now a key component of many applications for understanding trends and characteristics within the wealth of data that may be processed, whether this be learning about customer preferences and travel preferences, forecasting future... Read More about Federated learning: Data privacy and cyber security in edge-based machine learning.

Digital twins in industry 4.0 cyber security (2023)
Conference Proceeding
Lo, C., Win, T. Y., Rezaeifar, Z., Khan, Z., & Legg, P. (in press). Digital twins in industry 4.0 cyber security. In IEEE Smart World Congress 2023 - IEEE SWC / UIC / ATC / ScalCom / Digital Twin / PCDS / Metaverse-2023

The increased adoption of sophisticated Cyber Physical Systems (CPS) in critical infrastructure and various aspects of Industry 4.0 has exposed vulnerabilities stemming from legacy CPS and Industrial Internet of Things (IIoT) devices. The interconnec... Read More about Digital twins in industry 4.0 cyber security.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2023)
Journal Article
Legg, P., Mills, A., & Johnson, I. (2023). Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range. Journal of The Colloquium for Information Systems Security Education, 10(1), 9. https://doi.org/10.53735/cisse.v10i1.172

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

Interactive cyber-physical system hacking: Engaging students early using scalextric (2023)
Journal Article
White, J., Legg, P., & Mills, A. (2023). Interactive cyber-physical system hacking: Engaging students early using scalextric. Journal of The Colloquium for Information Systems Security Education, 10(1), 6. https://doi.org/10.53735/cisse.v10i1.163

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using scalextric.

Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification (2022)
Journal Article
McCarthy, A., Ghadafi, E., Andriotis, P., & Legg, P. (2023). Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification. Journal of Information Security and Applications, 72, Article 103398. https://doi.org/10.1016/j.jisa.2022.103398

Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of adversarial mach... Read More about Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification.

Interactive cyber-physical system hacking: Engaging students early using Scalextric (2022)
Presentation / Conference
White, J., Legg, P., & Mills, A. (2022, November). Interactive cyber-physical system hacking: Engaging students early using Scalextric. Paper presented at Colloquium on Information Systems Security Education, 2022, Online

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using Scalextric.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2022)
Presentation / Conference
Legg, P., Mills, A., & Johnson, I. (2022, November). Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range. Paper presented at Colloquium on Information Systems Security Education, Online

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

OGMA: Visualisation for software container security analysis and automated remediation (2022)
Conference Proceeding
Mills, A., White, J., & Legg, P. (2022). OGMA: Visualisation for software container security analysis and automated remediation. In 2022 IEEE International Conference on Cyber Security and Resilience (CSR) (76-81). https://doi.org/10.1109/CSR54599.2022.9850335

The use of software containerisation has rapidly increased in academia and industry which has lead to the production of several container security scanning tools for assessing the security posture and threat of a container image. The variability betw... Read More about OGMA: Visualisation for software container security analysis and automated remediation.

Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey (2022)
Journal Article
McCarthy, A., Ghadafi, E., Andriotis, P., & Legg, P. (2022). Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey. Journal of Cybersecurity and Privacy, 2(1), 154-190. https://doi.org/10.3390/jcp2010010

Machine learning has become widely adopted as a strategy for dealing with a variety of cybersecurity issues, ranging from insider threat detection to intrusion and malware detection. However, by their very nature, machine learning systems can introdu... Read More about Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey.

Investigating malware propagation and behaviour using system and network pixel-based visualisation (2021)
Journal Article
Williams, J., & Legg, P. (2022). Investigating malware propagation and behaviour using system and network pixel-based visualisation. SN Computer Science, 3(1), Article 53. https://doi.org/10.1007/s42979-021-00926-9

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attack... Read More about Investigating malware propagation and behaviour using system and network pixel-based visualisation.

Feature vulnerability and robustness assessment against adversarial machine learning attacks (2021)
Conference Proceeding
Mccarthy, A., Andriotis, P., Ghadafi, E., & Legg, P. (2021). Feature vulnerability and robustness assessment against adversarial machine learning attacks. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478199

Whilst machine learning has been widely adopted for various domains, it is important to consider how such techniques may be susceptible to malicious users through adversarial attacks. Given a trained classifier, a malicious attack may attempt to craf... Read More about Feature vulnerability and robustness assessment against adversarial machine learning attacks.

Unsupervised one-class learning for anomaly detection on home IoT network devices (2021)
Conference Proceeding
White, J., & Legg, P. (2021). Unsupervised one-class learning for anomaly detection on home IoT network devices. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478248

In this paper we study anomaly detection methods for home IoT devices. Specifically, we address unsupervised one-class learning methods due to their ability to learn deviations from a single normal class. In a home IoT environment, this consideration... Read More about Unsupervised one-class learning for anomaly detection on home IoT network devices.

"Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems (2021)
Conference Proceeding
Legg, P., Higgs, T., Spruhan, P., White, J., & Johnson, I. (2021). "Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478251

In March 2020, the COVID-19 pandemic led to a dramatic shift in educational practice, whereby home-schooling and remote working became the norm. Many typical schools outreach projects to encourage uptake of learning cyber security skills therefore we... Read More about "Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems.

Deep learning-based security behaviour analysis in IoT environments: A survey (2021)
Journal Article
Yue, Y., Li, S., Legg, P., & Li, F. (2021). Deep learning-based security behaviour analysis in IoT environments: A survey. Security and Communication Networks, 2021, 1-13. https://doi.org/10.1155/2021/8873195

Internet of Things (IoT) applications have been used in a wide variety of domains ranging from smart home, healthcare, smart energy, and Industrial 4.0. While IoT brings a number of benefits including convenience and efficiency, it also introduces a... Read More about Deep learning-based security behaviour analysis in IoT environments: A survey.

The visual design of network data to enhance cyber security awareness of the everyday internet user (2020)
Presentation / Conference
Carroll, F., Legg, P., & Bønkel, B. (2020, June). The visual design of network data to enhance cyber security awareness of the everyday internet user. Paper presented at IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber Science 2020)

Technology and the use of online services are very prevalent across much of our everyday lives. As our digital interactions continue to grow, there is a need to improve public awareness of the risks to our personal online privacy and security. Design... Read More about The visual design of network data to enhance cyber security awareness of the everyday internet user.

"What did you say?": Extracting unintentional secrets from predictive text learning systems (2020)
Presentation / Conference
Wilkinson, G., & Legg, P. (2020, June). "What did you say?": Extracting unintentional secrets from predictive text learning systems. Paper presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Science 2020)

As a primary form of communication, text is used widely in applications including e-mail conversations, mobile text messaging, chatrooms, and forum discussions. Modern systems include facilities such as predictive text, recently implemented using dee... Read More about "What did you say?": Extracting unintentional secrets from predictive text learning systems.

Shouting through letterboxes: A study on attack susceptibility of voice assistants (2020)
Presentation / Conference
Mccarthy, A., Gaster, B., & Legg, P. (2020, June). Shouting through letterboxes: A study on attack susceptibility of voice assistants. Paper presented at IEEE International Conference on Cyber Security and the Protection of Digital Services (Cyber Science 2020)

Voice assistants such as Amazon Echo and Google Home have become increasingly popular for many home users, for home automation, entertainment, and convenience. These devices process speech commands from a user to execute some action, such as playing... Read More about Shouting through letterboxes: A study on attack susceptibility of voice assistants.

Tools and techniques for improving cyber situational awareness of targeted phishing attacks (2019)
Conference Proceeding
Legg, P., & Blackman, T. (2019). Tools and techniques for improving cyber situational awareness of targeted phishing attacks. . https://doi.org/10.1109/CyberSA.2019.8899406

© 2019 IEEE. Phishing attacks continue to be one of the most common attack vectors used online today to deceive users, such that attackers can obtain unauthorised access or steal sensitive information. Phishing campaigns often vary in their level of... Read More about Tools and techniques for improving cyber situational awareness of targeted phishing attacks.