Professor Phil Legg

Privacy based triage of suspicious activity reports using offline large language models (2024)
Book Chapter
Legg, P., Ryder, N., Bourton, S., Johnson, D., & Walker, R. (in press). Privacy based triage of suspicious activity reports using offline large language models. In Advancements in Cyber Crime Investigations and Modern Data Analytics. CRC Press / Taylor and Francis

Suspicious Activity Reports (SAR) form a vital part of incident response and case management for the investigation of known or suspected money laundering. However, those submitting SARs, and those tasked with analysing SARs, often find the task overw... Read More about Privacy based triage of suspicious activity reports using offline large language models.

Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security (2024)
Conference Proceeding
Mills, A., White, J., & Legg, P. (2024). Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security. In SIGCSE 2024: Proceedings of the 55th ACM Technical Symposium on Computer Science Education (847-852). https://doi.org/10.1145/3626252.3630820

Delivering meaningful and inspiring cyber security education for younger audiences can often be a challenge due to limited expertise and resources. Key to any outreach activity is that it both develops a learner's curiosity, as well as providing educ... Read More about Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security.

Digital twins in industry 4.0 cyber security (2024)
Conference Proceeding
Lo, C., Win, T. Y., Rezaeifar, Z., Khan, Z., & Legg, P. (2024). Digital twins in industry 4.0 cyber security. In Proceedings of the IEEE Smart World Congress 2023. https://doi.org/10.1109/swc57546.2023.10449147

The increased adoption of sophisticated Cyber Physical Systems (CPS) in critical infrastructure and various aspects of Industry 4.0 has exposed vulnerabilities stemming from legacy CPS and Industrial Internet of Things (IIoT) devices. The interconnec... Read More about Digital twins in industry 4.0 cyber security.

Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance (2024)
Conference Proceeding
Barrett, J., Legg, P., Smith, J., & Boyle, C. (in press). Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance.

Time series forecasting facilitates real-time anomaly detection in telecom networks, predicting events that disrupt security and service. Current research efforts have been found to focus on new forecasting libraries, more rigorous data cleaning meth... Read More about Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance.

Improving search space analysis of fuzzing mutators using cryptographic structures (2023)
Conference Proceeding
Chafjiri, S. B., Legg, P., Tsompanas, M., & Hong, J. (in press). Improving search space analysis of fuzzing mutators using cryptographic structures. In Lecture Notes in Network Security

This paper introduces a novel approach to enhance the performance of software fuzzing mutator tools, by leveraging cryptographic structures known as substitution-permutation networks and Feistel networks. By integrating these structures into the exis... Read More about Improving search space analysis of fuzzing mutators using cryptographic structures.

Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security (2023)
Conference Proceeding
White, J., & Legg, P. (in press). Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security.

Federated learning is an effective approach for training a global machine learning model. It uses locally acquired data without having to share local data with the centralised server. This method provides a machine learning model beneficial for all p... Read More about Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security.

Longitudinal risk-based security assessment of docker software container images (2023)
Journal Article
Mills, A., White, J., & Legg, P. (2023). Longitudinal risk-based security assessment of docker software container images. Computers and Security, 135, Article 103478. https://doi.org/10.1016/j.cose.2023.103478

As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been v... Read More about Longitudinal risk-based security assessment of docker software container images.

Federated learning: Data privacy and cyber security in edge-based machine learning (2023)
Book Chapter
White, J., & Legg, P. (2023). Federated learning: Data privacy and cyber security in edge-based machine learning. In C. Hewage, Y. Rahulamathavan, & D. Ratnayake (Eds.), Data Protection in a Post-Pandemic Society (DPPPS) – Best Practices, Laws, Regulations, and Recent Solutions. Springer. https://doi.org/10.1007/978-3-031-34006-2

Machine learning is now a key component of many applications for understanding trends and characteristics within the wealth of data that may be processed, whether this be learning about customer preferences and travel preferences, forecasting future... Read More about Federated learning: Data privacy and cyber security in edge-based machine learning.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2023)
Journal Article
Legg, P., Mills, A., & Johnson, I. (2023). Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range. Journal of The Colloquium for Information Systems Security Education, 10(1), 9. https://doi.org/10.53735/cisse.v10i1.172

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

Interactive cyber-physical system hacking: Engaging students early using scalextric (2023)
Journal Article
White, J., Legg, P., & Mills, A. (2023). Interactive cyber-physical system hacking: Engaging students early using scalextric. Journal of The Colloquium for Information Systems Security Education, 10(1), 6. https://doi.org/10.53735/cisse.v10i1.163

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using scalextric.

Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification (2022)
Journal Article
McCarthy, A., Ghadafi, E., Andriotis, P., & Legg, P. (2023). Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification. Journal of Information Security and Applications, 72, Article 103398. https://doi.org/10.1016/j.jisa.2022.103398

Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of adversarial mach... Read More about Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2022)
Presentation / Conference
Legg, P., Mills, A., & Johnson, I. (2022, November). Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range. Paper presented at Colloquium on Information Systems Security Education, Online

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

Interactive cyber-physical system hacking: Engaging students early using Scalextric (2022)
Presentation / Conference
White, J., Legg, P., & Mills, A. (2022, November). Interactive cyber-physical system hacking: Engaging students early using Scalextric. Paper presented at Colloquium on Information Systems Security Education, 2022, Online

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using Scalextric.

OGMA: Visualisation for software container security analysis and automated remediation (2022)
Conference Proceeding
Mills, A., White, J., & Legg, P. (2022). OGMA: Visualisation for software container security analysis and automated remediation. In 2022 IEEE International Conference on Cyber Security and Resilience (CSR) (76-81). https://doi.org/10.1109/CSR54599.2022.9850335

The use of software containerisation has rapidly increased in academia and industry which has lead to the production of several container security scanning tools for assessing the security posture and threat of a container image. The variability betw... Read More about OGMA: Visualisation for software container security analysis and automated remediation.

Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey (2022)
Journal Article
McCarthy, A., Ghadafi, E., Andriotis, P., & Legg, P. (2022). Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey. Journal of Cybersecurity and Privacy, 2(1), 154-190. https://doi.org/10.3390/jcp2010010

Machine learning has become widely adopted as a strategy for dealing with a variety of cybersecurity issues, ranging from insider threat detection to intrusion and malware detection. However, by their very nature, machine learning systems can introdu... Read More about Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey.

Investigating malware propagation and behaviour using system and network pixel-based visualisation (2021)
Journal Article
Williams, J., & Legg, P. (2022). Investigating malware propagation and behaviour using system and network pixel-based visualisation. SN Computer Science, 3(1), Article 53. https://doi.org/10.1007/s42979-021-00926-9

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attack... Read More about Investigating malware propagation and behaviour using system and network pixel-based visualisation.

Feature vulnerability and robustness assessment against adversarial machine learning attacks (2021)
Conference Proceeding
Mccarthy, A., Andriotis, P., Ghadafi, E., & Legg, P. (2021). Feature vulnerability and robustness assessment against adversarial machine learning attacks. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478199

Whilst machine learning has been widely adopted for various domains, it is important to consider how such techniques may be susceptible to malicious users through adversarial attacks. Given a trained classifier, a malicious attack may attempt to craf... Read More about Feature vulnerability and robustness assessment against adversarial machine learning attacks.

"Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems (2021)
Conference Proceeding
Legg, P., Higgs, T., Spruhan, P., White, J., & Johnson, I. (2021). "Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478251

In March 2020, the COVID-19 pandemic led to a dramatic shift in educational practice, whereby home-schooling and remote working became the norm. Many typical schools outreach projects to encourage uptake of learning cyber security skills therefore we... Read More about "Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems.

Unsupervised one-class learning for anomaly detection on home IoT network devices (2021)
Conference Proceeding
White, J., & Legg, P. (2021). Unsupervised one-class learning for anomaly detection on home IoT network devices. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/CyberSA52016.2021.9478248

In this paper we study anomaly detection methods for home IoT devices. Specifically, we address unsupervised one-class learning methods due to their ability to learn deviations from a single normal class. In a home IoT environment, this consideration... Read More about Unsupervised one-class learning for anomaly detection on home IoT network devices.

Deep learning-based security behaviour analysis in IoT environments: A survey (2021)
Journal Article
Yue, Y., Li, S., Legg, P., & Li, F. (2021). Deep learning-based security behaviour analysis in IoT environments: A survey. Security and Communication Networks, 2021, 1-13. https://doi.org/10.1155/2021/8873195

Internet of Things (IoT) applications have been used in a wide variety of domains ranging from smart home, healthcare, smart energy, and Industrial 4.0. While IoT brings a number of benefits including convenience and efficiency, it also introduces a... Read More about Deep learning-based security behaviour analysis in IoT environments: A survey.

Investigating anti-evasion malware triggers using automated sandbox reconfiguration techniques (2020)
Journal Article
Mills, A., & Legg, P. (2021). Investigating anti-evasion malware triggers using automated sandbox reconfiguration techniques. Journal of Cybersecurity and Privacy, 1(1), 19-39. https://doi.org/10.3390/jcp1010003

Malware analysis is fundamental for defending against prevalent cyber security threats and requires a means to deploy and study behavioural software traits as more sophisticated malware is developed. Traditionally, virtual machines are used to provid... Read More about Investigating anti-evasion malware triggers using automated sandbox reconfiguration techniques.

The visual design of network data to enhance cyber security awareness of the everyday internet user (2020)
Presentation / Conference
Carroll, F., Legg, P., & Bønkel, B. (2020, June). The visual design of network data to enhance cyber security awareness of the everyday internet user. Paper presented at IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber Science 2020)

Technology and the use of online services are very prevalent across much of our everyday lives. As our digital interactions continue to grow, there is a need to improve public awareness of the risks to our personal online privacy and security. Design... Read More about The visual design of network data to enhance cyber security awareness of the everyday internet user.

Shouting through letterboxes: A study on attack susceptibility of voice assistants (2020)
Presentation / Conference
Mccarthy, A., Gaster, B., & Legg, P. (2020, June). Shouting through letterboxes: A study on attack susceptibility of voice assistants. Paper presented at IEEE International Conference on Cyber Security and the Protection of Digital Services (Cyber Science 2020)

Voice assistants such as Amazon Echo and Google Home have become increasingly popular for many home users, for home automation, entertainment, and convenience. These devices process speech commands from a user to execute some action, such as playing... Read More about Shouting through letterboxes: A study on attack susceptibility of voice assistants.

"What did you say?": Extracting unintentional secrets from predictive text learning systems (2020)
Presentation / Conference
Wilkinson, G., & Legg, P. (2020, June). "What did you say?": Extracting unintentional secrets from predictive text learning systems. Paper presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Science 2020)

As a primary form of communication, text is used widely in applications including e-mail conversations, mobile text messaging, chatrooms, and forum discussions. Modern systems include facilities such as predictive text, recently implemented using dee... Read More about "What did you say?": Extracting unintentional secrets from predictive text learning systems.

What makes for effective visualisation in cyber situational awareness for non-expert users? (2019)
Conference Proceeding
Carroll, F., Chakof, A., & Legg, P. (2019). What makes for effective visualisation in cyber situational awareness for non-expert users?. . https://doi.org/10.1109/CyberSA.2019.8899440

© 2019 IEEE. As cyber threats continue to become more prevalent, there is a need to consider how best we can understand the cyber landscape when acting online, especially so for non-expert users. Satellite navigation systems provide the de facto stan... Read More about What makes for effective visualisation in cyber situational awareness for non-expert users?.

Tools and techniques for improving cyber situational awareness of targeted phishing attacks (2019)
Conference Proceeding
Legg, P., & Blackman, T. (2019). Tools and techniques for improving cyber situational awareness of targeted phishing attacks. . https://doi.org/10.1109/CyberSA.2019.8899406

© 2019 IEEE. Phishing attacks continue to be one of the most common attack vectors used online today to deceive users, such that attackers can obtain unauthorised access or steal sensitive information. Phishing campaigns often vary in their level of... Read More about Tools and techniques for improving cyber situational awareness of targeted phishing attacks.

Efficient and interpretable real-time malware detection using random-forest (2019)
Conference Proceeding
Mills, A., Spyridopoulos, T., & Legg, P. (2019). Efficient and interpretable real-time malware detection using random-forest. . https://doi.org/10.1109/CyberSA.2019.8899533

© 2019 IEEE. Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods... Read More about Efficient and interpretable real-time malware detection using random-forest.

Venue2Vec: An efficient embedding model for fine-grained user location prediction in geo-social networks (2019)
Journal Article
Xu, S., Cao, J., Legg, P., Liu, B., & Li, S. (2020). Venue2Vec: An efficient embedding model for fine-grained user location prediction in geo-social networks. IEEE Systems Journal, 14(2), 1740-1751. https://doi.org/10.1109/JSYST.2019.2913080

Geo-Social Networks (GSN) significantly improve location-aware capability of services by offering geo-located content based on the huge volumes of data generated in the GSN. The problem of user location prediction based on user-generated data in GSN... Read More about Venue2Vec: An efficient embedding model for fine-grained user location prediction in geo-social networks.

Visual analytics for collaborative human-machine confidence in human-centric active learning tasks (2019)
Journal Article
Legg, P., Smith, J., & Downing, A. (2019). Visual analytics for collaborative human-machine confidence in human-centric active learning tasks. Human-Centric Computing and Information Sciences, 9, Article 5. https://doi.org/10.1186/s13673-019-0167-8

Active machine learning is a human-centric paradigm that leverages a small labelled dataset to build an initial weak classifier, that can then be improved over time through human-machine collaboration. As new unlabelled samples are observed, the mach... Read More about Visual analytics for collaborative human-machine confidence in human-centric active learning tasks.

Predicting user confidence during visual decision making (2018)
Journal Article
Smith, J., Legg, P., Matovis, M., & Kinsey, K. (2018). Predicting user confidence during visual decision making. ACM Transactions on Interactive Intelligent Systems, 8(2), Article 10. https://doi.org/10.1145/3185524

© 2018 ACM People are not infallible consistent “oracles”: their confidence in decision-making may vary significantly between tasks and over time. We have previously reported the benefits of using an interface and algorithms that explicitly captured... Read More about Predicting user confidence during visual decision making.

Predicting the occurrence of world news events using recurrent neural networks and auto-regressive moving average models (2017)
Book Chapter
Smith, E. M., Smith, J., Legg, P., & Francis, S. (2017). Predicting the occurrence of world news events using recurrent neural networks and auto-regressive moving average models. In F. Chao, S. Schockaert, & Q. Zhang (Eds.), Advances in Computational Intelligence Systems: UKCI 2017 (191-202). Springer Cham

The ability to predict future states is fundamental for a wide variety of applications, from weather forecasting to stock market analysis. Understanding the related data attributes that can influence changes in time series is a challenging task that... Read More about Predicting the occurrence of world news events using recurrent neural networks and auto-regressive moving average models.

RicherPicture: Semi-automated cyber defence using context-aware data analytics (2017)
Presentation / Conference
Erola, A., Agrafiotis, I., Happa, J., Goldsmith, M., Creese, S., & Legg, P. (2017, June). RicherPicture: Semi-automated cyber defence using context-aware data analytics. Paper presented at International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2017), London

In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its... Read More about RicherPicture: Semi-automated cyber defence using context-aware data analytics.

Glyph visualization: A fail-safe design scheme based on quasi-hamming distances (2017)
Journal Article
Legg, P. A., Legg, P., Maguire, E., Walton, S., & Chen, M. (2017). Glyph visualization: A fail-safe design scheme based on quasi-hamming distances. IEEE Computer Graphics and Applications, 37(2), 31-41. https://doi.org/10.1109/MCG.2016.66

© 1981-2012 IEEE. In many spatial and temporal visualization applications, glyphs provide an effective means for encoding multivariate data. However, because glyphs are typically small, they are vulnerable to various perceptual errors. This article i... Read More about Glyph visualization: A fail-safe design scheme based on quasi-hamming distances.

Visual analytics for non-expert users in cyber situation awareness (2016)
Journal Article
Legg, P. (2016). Visual analytics for non-expert users in cyber situation awareness. https://doi.org/10.22619/IJCSA

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be well understood in an organisational cybersecurity context, there is a strong case to be made... Read More about Visual analytics for non-expert users in cyber situation awareness.

Enhancing cyber situation awareness for non-expert users using visual analytics (2016)
Presentation / Conference
Legg, P. (2016, June). Enhancing cyber situation awareness for non-expert users using visual analytics. Paper presented at International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA 2016), London, UK

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be understood in an organisational cybersecurity context, there is a strong case to be made for... Read More about Enhancing cyber situation awareness for non-expert users using visual analytics.

Visualizing the insider threat: Challenges and tools for identifying malicious user activity (2015)
Presentation / Conference
Legg, P. (2015, October). Visualizing the insider threat: Challenges and tools for identifying malicious user activity. Paper presented at IEEE Symposium on Visualization for Cyber Security, Chicago, Illinois, USA

One of the greatest challenges for managing organisational cyber security is the threat that comes from those who operate within the organisation. With entitled access and knowledge of organisational processes, insiders who choose to attack have the... Read More about Visualizing the insider threat: Challenges and tools for identifying malicious user activity.

Quasi-Hamming distances: An overarching concept for measuring glyph similarity (2015)
Presentation / Conference
Legg, P. A., Maguire, E., Walton, S., & Chen, M. (2015, September). Quasi-Hamming distances: An overarching concept for measuring glyph similarity. Paper presented at EGUK Computer Graphics and Visual Computing 2015, UCL, London, UK

In many applications of spatial or temporal visualization, glyphs provide an effective means for encoding mul- tivariate data objects. However, because glyphs are typically small, they are vulnerable to various perceptual errors. In data communicatio... Read More about Quasi-Hamming distances: An overarching concept for measuring glyph similarity.

Automated insider threat detection system using user and role-based profile assessment (2015)
Journal Article
Legg, P. A., Buckley, O., Goldsmith, M., & Creese, S. (2017). Automated insider threat detection system using user and role-based profile assessment. IEEE Systems Journal, 11(2), 503-512. https://doi.org/10.1109/JSYST.2015.2438442

© 2007-2012 IEEE. Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abu... Read More about Automated insider threat detection system using user and role-based profile assessment.

Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat (2015)
Presentation / Conference
Legg, P. A., Buckley, O., Goldsmith, M., & Creese, S. (2015, April). Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat. Paper presented at IEEE International Symposium on Technologies for Homeland Security, Waltham, USA

The greatest asset that any organisation has are its people, but they may also be the greatest threat. Those who are within the organisation may have authorised access to vast amounts of sensitive company records that are essential for maintaining co... Read More about Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat.

Knowledge-assisted ranking: A visual analytic application for sports event data (2015)
Journal Article
Chung, D. H., Parry, M. L., Griffiths, I. W., Laramee, R. S., Bown, R., Legg, P. A., & Chen, M. (2016). Knowledge-assisted ranking: A visual analytic application for sports event data. IEEE Computer Graphics and Applications, 36(3), 72-82. https://doi.org/10.1109/MCG.2015.25

© 2016 IEEE. Organizing sports video data for performance analysis can be challenging, especially in cases involving multiple attributes and when the criteria for sorting frequently changes depending on the user's task. The proposed visual analytic s... Read More about Knowledge-assisted ranking: A visual analytic application for sports event data.

Feature Neighbourhood Mutual Information for multi-modal image registration: An application to eye fundus imaging (2014)
Journal Article
Legg, P. A., Rosin, P. L., Marshall, D., & Morgan, J. E. (2015). Feature Neighbourhood Mutual Information for multi-modal image registration: An application to eye fundus imaging. Pattern Recognition, 48(6), 1937-1946. https://doi.org/10.1016/j.patcog.2014.12.014

© 2014 Elsevier Ltd. All rights reserved. Multi-modal image registration is becoming an increasingly powerful tool for medical diagnosis and treatment. The combination of different image modalities facilitates much greater understanding of the underl... Read More about Feature Neighbourhood Mutual Information for multi-modal image registration: An application to eye fundus imaging.

Visual analytics of e-mail sociolinguistics for user behavioural analysis (2014)
Journal Article
Legg, P., Buckley, O., Goldsmith, M., & Creese, S. (2014). Visual analytics of e-mail sociolinguistics for user behavioural analysis. Journal of Internet Services and Information Security, 4(4), 1-13

The cyber-security threat that most organisations face is not one that only resides outside their perimeter attempting to get in, but emanates from the inside too. Insider threats encompass anyone or thing which exploits authorised access to company... Read More about Visual analytics of e-mail sociolinguistics for user behavioural analysis.

Understanding insider threat: A framework for characterising attacks (2014)
Presentation / Conference
Nurse, J., Buckley, O., Legg, P., Goldsmith, M., Creese, S., Wright, G., & Whitty, M. (2014, May). Understanding insider threat: A framework for characterising attacks. Paper presented at Workshop on Research for Insider Threat (Security and Privacy Workshops at IEEE Symposium on Security and Privacy)

The threat that insiders pose to businesses, institu- tions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and... Read More about Understanding insider threat: A framework for characterising attacks.

Towards a conceptual model and reasoning structure for insider threat detection (2013)
Journal Article
Legg, P., Moffat, N., Nurse, J., Happa, J., Agrafiotis, I., Goldsmith, M., & Creese, S. (2013). Towards a conceptual model and reasoning structure for insider threat detection

The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures suc... Read More about Towards a conceptual model and reasoning structure for insider threat detection.

Transformation of an uncertain video search pipeline to a sketch-based visual analytics loop (2013)
Journal Article
Griffiths, I. W., Jones, M. W., Parry, M. L., Legg, P. A., Chung, D. H., Legg, P., …Chen, M. (2013). Transformation of an uncertain video search pipeline to a sketch-based visual analytics loop. IEEE Transactions on Visualization and Computer Graphics, 19(12), 2109-2118. https://doi.org/10.1109/TVCG.2013.207

Traditional sketch-based image or video search systems rely on machine learning concepts as their core technology. However, in many applications, machine learning alone is impractical since videos may not be semantically annotated sufficiently, there... Read More about Transformation of an uncertain video search pipeline to a sketch-based visual analytics loop.

Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation (2013)
Journal Article
Morgan, J. E., Marshall, D., Rosin, P. L., Legg, P. A., Legg, P., & Rosin, P. (2013). Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation. Computerized Medical Imaging and Graphics, 37(7-8), 597-606. https://doi.org/10.1016/j.compmedimag.2013.08.004

Mutual information (MI) is a popular similarity measure for performing image registration between different modalities. MI makes a statistical comparison between two images by computing the entropy from the probability distribution of the data. There... Read More about Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation.

Glyph sorting: Interactive visualization for multi-dimensional data (2013)
Journal Article
Laramee, R. S., Griffiths, I. W., Parry, M. L., Legg, P. A., Chung, D. H., Chung, D., …Chen, M. (2013). Glyph sorting: Interactive visualization for multi-dimensional data. Information Visualization, 14(1), 76-90. https://doi.org/10.1177/1473871613511959

Copyright © 2013 The Author(s). Glyph-based visualization is an effective tool for depicting multivariate information. Since sorting is one of the most common analytical tasks performed on individual attributes of a multi-dimensional dataset, this mo... Read More about Glyph sorting: Interactive visualization for multi-dimensional data.

MatchPad: Interactive glyph-based visualization for real-time sports performance analysis (2012)
Journal Article
Legg, P. A., Chung, D. H., Parry, M. L., Jones, M. W., Long, R., Griffiths, I. W., & Chen, M. (2012). MatchPad: Interactive glyph-based visualization for real-time sports performance analysis. Computer Graphics Forum, 31(3 PART 4), 1255-1264. https://doi.org/10.1111/j.1467-8659.2012.03118.x

Today real-time sports performance analysis is a crucial aspect of matches in many major sports. For example, in soccer and rugby, team analysts may annotate videos during the matches by tagging specific actions and events, which typically result in... Read More about MatchPad: Interactive glyph-based visualization for real-time sports performance analysis.

Hierarchical event selection for video storyboards with a case study on snooker video visualization (2011)
Journal Article
Griffiths, I. W., Chung, D. H., Parry, M. L., Legg, P., & Chen, M. (2011). Hierarchical event selection for video storyboards with a case study on snooker video visualization. IEEE Transactions on Visualization and Computer Graphics, 17(12), 1747-1756. https://doi.org/10.1109/TVCG.2011.208

Video storyboard, which is a form of video visualization, summarizes the major events in a video using illustrative visualization. There are three main technical challenges in creating a video storyboard, (a) event classification, (b) event selection... Read More about Hierarchical event selection for video storyboards with a case study on snooker video visualization.

A robust solution to multi-modal image registration by combining mutual information with multi-scale derivatives (2009)
Journal Article
Morgan, J. E., Rosin, P. L., Legg, P., & Marshall, D. (2009). A robust solution to multi-modal image registration by combining mutual information with multi-scale derivatives. Lecture Notes in Artificial Intelligence, 5761 LNCS(PART 1), 616-623. https://doi.org/10.1007/978-3-642-04268-3_76

In this paper we present a novel method for performing image registration of different modalities. Mutual Information (MI) is an established method for performing such registration. However, it is recognised that standard MI is not without some probl... Read More about A robust solution to multi-modal image registration by combining mutual information with multi-scale derivatives.

Visualising state space representations of LSTM networks
Presentation / Conference
Smith, E. M., Smith, J., Legg, P., & Francis, S. Visualising state space representations of LSTM networks. Presented at Workshop on Visualization for AI Explainability, Berlin, Germany

Long Short-Term Memory (LSTM) networks have proven to be one of the most effective models for making predictions on sequence-based tasks. These models work by capturing, remembering, and forgetting information relevant to their future predictions. Th... Read More about Visualising state space representations of LSTM networks.

Human-machine decision support systems for insider threat detection
Book Chapter
Legg, P. Human-machine decision support systems for insider threat detection. In Y. Huang, I. Palomares, & H. Kalutarage (Eds.), Data Analytics and Decision Support for Cybersecurity: Trends, Methodologies and Applications. Springer

Insider threats are recognised to be quite possibly the most damaging attacks that an organisation could experience. Those on the inside, who have privileged access and knowledge, are already in a position of great responsibility for contributing tow... Read More about Human-machine decision support systems for insider threat detection.

Non-rigid elastic registration of retinal images using local window mutual information
Presentation / Conference
Legg, P., Rosin, P., Marshall, D., & Morgan, J. Non-rigid elastic registration of retinal images using local window mutual information

In this paper we consider the problem of non-rigid retinal image registration between colour fundus photographs and Scanning Laser Ophthalmoscope (SLO) images. Registration would allow for cross-comparison between modalities, giving both appearence a... Read More about Non-rigid elastic registration of retinal images using local window mutual information.

Incorporating neighbourhood feature derivatives with Mutual Information to improve accuracy of multi-modal image registration
Presentation / Conference
Legg, P., Rosin, P., Marshall, D., & Morgan, J. Incorporating neighbourhood feature derivatives with Mutual Information to improve accuracy of multi-modal image registration

In this paper we present an improved method for performing image registration of different modalities. Russakoff [1] proposed the method of Regional Mutual Information (RMI) which allows neighbourhood information to be considered in the Mutual Inform... Read More about Incorporating neighbourhood feature derivatives with Mutual Information to improve accuracy of multi-modal image registration.

Improving accuracy and efficiency of registration by mutual information using Sturges’ Histogram Rule
Presentation / Conference
Legg, P., Rosin, P., Marshall, D., & Morgan, J. Improving accuracy and efficiency of registration by mutual information using Sturges’ Histogram Rule

Mutual Information is a common technique for image registration in the medical domain, in particular where images of different modalities are to be registered. In this paper, we wish to demonstrate the benefits of applying a common method known in st... Read More about Improving accuracy and efficiency of registration by mutual information using Sturges’ Histogram Rule.

Outputs (55)