Professor Phil Legg

Digital twins of cyber physical systems in smart manufacturing for threat simulation and detection with deep learning for time series classification (2024)
Presentation / Conference Contribution

With increasing reliance on Cyber Physical Systems (CPS) for automation and control in Industry 4.0 and 5.0, ensuring their security against cyber threats has become paramount. Traditional security mechanisms, constrained by operational continuity an... Read More about Digital twins of cyber physical systems in smart manufacturing for threat simulation and detection with deep learning for time series classification.

Vulnerability detection through machine learning-based fuzzing: A systematic review (2024)
Journal Article

Modern software and networks underpin our digital society, yet the rapid growth of vulnerabilities that are uncovered within these threaten our cyber security posture. Addressing these issues at scale requires automated proactive approaches that can... Read More about Vulnerability detection through machine learning-based fuzzing: A systematic review.

TRIST: Towards a container-based ICS testbed for cyber threat simulation and anomaly detection (2024)
Presentation / Conference Contribution

Cyber-attacks on Industrial Control Systems (ICS), as exemplified by the incidents at the Maroochy water treatment plant and the Ukraine's electric power grid, have demonstrated that cyber threats can inflict significant physical impacts. These incid... Read More about TRIST: Towards a container-based ICS testbed for cyber threat simulation and anomaly detection.

Privacy based triage of suspicious activity reports using offline large language models (2024)
Book Chapter

Suspicious Activity Reports (SAR) form a vital part of incident response and case management for the investigation of known or suspected money laundering. However, those submitting SARs, and those tasked with analysing SARs, often find the task overw... Read More about Privacy based triage of suspicious activity reports using offline large language models.

Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security (2024)
Presentation / Conference Contribution

Delivering meaningful and inspiring cyber security education for younger audiences can often be a challenge due to limited expertise and resources. Key to any outreach activity is that it both develops a learner's curiosity, as well as providing educ... Read More about Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security.

Digital twins in industry 4.0 cyber security (2024)
Presentation / Conference Contribution

The increased adoption of sophisticated Cyber Physical Systems (CPS) in critical infrastructure and various aspects of Industry 4.0 has exposed vulnerabilities stemming from legacy CPS and Industrial Internet of Things (IIoT) devices. The interconnec... Read More about Digital twins in industry 4.0 cyber security.

Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance (2024)
Presentation / Conference Contribution

Time series forecasting facilitates real-time anomaly detection in telecom networks, predicting events that disrupt security and service. Current research efforts have been found to focus on new forecasting libraries, more rigorous data cleaning meth... Read More about Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance.

Improving search space analysis of fuzzing mutators using cryptographic structures (2023)
Presentation / Conference Contribution

This paper introduces a novel approach to enhance the performance of software fuzzing mutator tools, by leveraging cryptographic structures known as substitution-permutation networks and Feistel networks. By integrating these structures into the exis... Read More about Improving search space analysis of fuzzing mutators using cryptographic structures.

Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security (2023)
Presentation / Conference Contribution

Federated learning is an effective approach for training a global machine learning model. It uses locally acquired data without having to share local data with the centralised server. This method provides a machine learning model beneficial for all p... Read More about Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security.

Longitudinal risk-based security assessment of docker software container images (2023)
Journal Article

As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been v... Read More about Longitudinal risk-based security assessment of docker software container images.

Federated learning: Data privacy and cyber security in edge-based machine learning (2023)
Book Chapter

Machine learning is now a key component of many applications for understanding trends and characteristics within the wealth of data that may be processed, whether this be learning about customer preferences and travel preferences, forecasting future... Read More about Federated learning: Data privacy and cyber security in edge-based machine learning.

Interactive cyber-physical system hacking: Engaging students early using scalextric (2023)
Presentation / Conference Contribution

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using scalextric.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2023)
Journal Article

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification (2022)
Journal Article

Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of adversarial mach... Read More about Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification.

Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range (2022)
Presentation / Conference Contribution

Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing pra... Read More about Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range.

Interactive cyber-physical system hacking: Engaging students early using Scalextric (2022)
Presentation / Conference Contribution

Cyber Security as an education discipline covers a variety of topics that can be challenging and complex for students who are new to the subject domain. With this in mind, it is crucial that new students are motivated by understanding both the techni... Read More about Interactive cyber-physical system hacking: Engaging students early using Scalextric.

OGMA: Visualisation for software container security analysis and automated remediation (2022)
Presentation / Conference Contribution

The use of software containerisation has rapidly increased in academia and industry which has lead to the production of several container security scanning tools for assessing the security posture and threat of a container image. The variability betw... Read More about OGMA: Visualisation for software container security analysis and automated remediation.

Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey (2022)
Journal Article

Machine learning has become widely adopted as a strategy for dealing with a variety of cybersecurity issues, ranging from insider threat detection to intrusion and malware detection. However, by their very nature, machine learning systems can introdu... Read More about Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey.

Investigating malware propagation and behaviour using system and network pixel-based visualisation (2021)
Journal Article

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attack... Read More about Investigating malware propagation and behaviour using system and network pixel-based visualisation.

Unsupervised one-class learning for anomaly detection on home IoT network devices (2021)
Presentation / Conference Contribution

In this paper we study anomaly detection methods for home IoT devices. Specifically, we address unsupervised one-class learning methods due to their ability to learn deviations from a single normal class. In a home IoT environment, this consideration... Read More about Unsupervised one-class learning for anomaly detection on home IoT network devices.

Feature vulnerability and robustness assessment against adversarial machine learning attacks (2021)
Presentation / Conference Contribution

Whilst machine learning has been widely adopted for various domains, it is important to consider how such techniques may be susceptible to malicious users through adversarial attacks. Given a trained classifier, a malicious attack may attempt to craf... Read More about Feature vulnerability and robustness assessment against adversarial machine learning attacks.

"Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems (2021)
Presentation / Conference Contribution

In March 2020, the COVID-19 pandemic led to a dramatic shift in educational practice, whereby home-schooling and remote working became the norm. Many typical schools outreach projects to encourage uptake of learning cyber security skills therefore we... Read More about "Hacking an IoT Home": New opportunities for cyber security education combining remote learning with cyber-physical systems.

Investigating anti-evasion malware triggers using automated sandbox reconfiguration techniques (2020)
Journal Article

Malware analysis is fundamental for defending against prevalent cyber security threats and requires a means to deploy and study behavioural software traits as more sophisticated malware is developed. Traditionally, virtual machines are used to provid... Read More about Investigating anti-evasion malware triggers using automated sandbox reconfiguration techniques.

The visual design of network data to enhance cyber security awareness of the everyday internet user (2020)
Presentation / Conference Contribution

Technology and the use of online services are very prevalent across much of our everyday lives. As our digital interactions continue to grow, there is a need to improve public awareness of the risks to our personal online privacy and security. Design... Read More about The visual design of network data to enhance cyber security awareness of the everyday internet user.

Shouting through letterboxes: A study on attack susceptibility of voice assistants (2020)
Presentation / Conference Contribution

Voice assistants such as Amazon Echo and Google Home have become increasingly popular for many home users, for home automation, entertainment, and convenience. These devices process speech commands from a user to execute some action, such as playing... Read More about Shouting through letterboxes: A study on attack susceptibility of voice assistants.

"What did you say?": Extracting unintentional secrets from predictive text learning systems (2020)
Presentation / Conference Contribution

As a primary form of communication, text is used widely in applications including e-mail conversations, mobile text messaging, chatrooms, and forum discussions. Modern systems include facilities such as predictive text, recently implemented using dee... Read More about "What did you say?": Extracting unintentional secrets from predictive text learning systems.

What makes for effective visualisation in cyber situational awareness for non-expert users? (2019)
Presentation / Conference Contribution

© 2019 IEEE. As cyber threats continue to become more prevalent, there is a need to consider how best we can understand the cyber landscape when acting online, especially so for non-expert users. Satellite navigation systems provide the de facto stan... Read More about What makes for effective visualisation in cyber situational awareness for non-expert users?.

Efficient and interpretable real-time malware detection using random-forest (2019)
Presentation / Conference Contribution

© 2019 IEEE. Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods... Read More about Efficient and interpretable real-time malware detection using random-forest.

Tools and techniques for improving cyber situational awareness of targeted phishing attacks (2019)
Presentation / Conference Contribution

© 2019 IEEE. Phishing attacks continue to be one of the most common attack vectors used online today to deceive users, such that attackers can obtain unauthorised access or steal sensitive information. Phishing campaigns often vary in their level of... Read More about Tools and techniques for improving cyber situational awareness of targeted phishing attacks.

Visual analytics for collaborative human-machine confidence in human-centric active learning tasks (2019)
Journal Article

Active machine learning is a human-centric paradigm that leverages a small labelled dataset to build an initial weak classifier, that can then be improved over time through human-machine collaboration. As new unlabelled samples are observed, the mach... Read More about Visual analytics for collaborative human-machine confidence in human-centric active learning tasks.

Predicting user confidence during visual decision making (2018)
Journal Article

© 2018 ACM People are not infallible consistent “oracles”: their confidence in decision-making may vary significantly between tasks and over time. We have previously reported the benefits of using an interface and algorithms that explicitly captured... Read More about Predicting user confidence during visual decision making.

Predicting the occurrence of world news events using recurrent neural networks and auto-regressive moving average models (2017)
Book Chapter

The ability to predict future states is fundamental for a wide variety of applications, from weather forecasting to stock market analysis. Understanding the related data attributes that can influence changes in time series is a challenging task that... Read More about Predicting the occurrence of world news events using recurrent neural networks and auto-regressive moving average models.

RicherPicture: Semi-automated cyber defence using context-aware data analytics (2017)
Presentation / Conference Contribution

In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its... Read More about RicherPicture: Semi-automated cyber defence using context-aware data analytics.

Glyph visualization: A fail-safe design scheme based on quasi-hamming distances (2017)
Journal Article

© 1981-2012 IEEE. In many spatial and temporal visualization applications, glyphs provide an effective means for encoding multivariate data. However, because glyphs are typically small, they are vulnerable to various perceptual errors. This article i... Read More about Glyph visualization: A fail-safe design scheme based on quasi-hamming distances.

Visual analytics for non-expert users in cyber situation awareness (2016)
Journal Article

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be well understood in an organisational cybersecurity context, there is a strong case to be made... Read More about Visual analytics for non-expert users in cyber situation awareness.

Enhancing cyber situation awareness for non-expert users using visual analytics (2016)
Presentation / Conference Contribution

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be understood in an organisational cybersecurity context, there is a strong case to be made for... Read More about Enhancing cyber situation awareness for non-expert users using visual analytics.

Visualizing the insider threat: Challenges and tools for identifying malicious user activity (2015)
Presentation / Conference Contribution

One of the greatest challenges for managing organisational cyber security is the threat that comes from those who operate within the organisation. With entitled access and knowledge of organisational processes, insiders who choose to attack have the... Read More about Visualizing the insider threat: Challenges and tools for identifying malicious user activity.

Quasi-Hamming distances: An overarching concept for measuring glyph similarity (2015)
Presentation / Conference Contribution

In many applications of spatial or temporal visualization, glyphs provide an effective means for encoding mul- tivariate data objects. However, because glyphs are typically small, they are vulnerable to various perceptual errors. In data communicatio... Read More about Quasi-Hamming distances: An overarching concept for measuring glyph similarity.

Automated insider threat detection system using user and role-based profile assessment (2015)
Journal Article

© 2007-2012 IEEE. Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abu... Read More about Automated insider threat detection system using user and role-based profile assessment.

Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat (2015)
Presentation / Conference Contribution

The greatest asset that any organisation has are its people, but they may also be the greatest threat. Those who are within the organisation may have authorised access to vast amounts of sensitive company records that are essential for maintaining co... Read More about Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat.

Knowledge-assisted ranking: A visual analytic application for sports event data (2015)
Journal Article

© 2016 IEEE. Organizing sports video data for performance analysis can be challenging, especially in cases involving multiple attributes and when the criteria for sorting frequently changes depending on the user's task. The proposed visual analytic s... Read More about Knowledge-assisted ranking: A visual analytic application for sports event data.

Feature Neighbourhood Mutual Information for multi-modal image registration: An application to eye fundus imaging (2014)
Journal Article

© 2014 Elsevier Ltd. All rights reserved. Multi-modal image registration is becoming an increasingly powerful tool for medical diagnosis and treatment. The combination of different image modalities facilitates much greater understanding of the underl... Read More about Feature Neighbourhood Mutual Information for multi-modal image registration: An application to eye fundus imaging.

Visual analytics of e-mail sociolinguistics for user behavioural analysis (2014)
Journal Article

The cyber-security threat that most organisations face is not one that only resides outside their perimeter attempting to get in, but emanates from the inside too. Insider threats encompass anyone or thing which exploits authorised access to company... Read More about Visual analytics of e-mail sociolinguistics for user behavioural analysis.

Understanding insider threat: A framework for characterising attacks (2014)
Presentation / Conference Contribution

The threat that insiders pose to businesses, institu- tions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and... Read More about Understanding insider threat: A framework for characterising attacks.

Towards a conceptual model and reasoning structure for insider threat detection (2013)
Journal Article

The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures suc... Read More about Towards a conceptual model and reasoning structure for insider threat detection.

Transformation of an uncertain video search pipeline to a sketch-based visual analytics loop (2013)
Journal Article

Traditional sketch-based image or video search systems rely on machine learning concepts as their core technology. However, in many applications, machine learning alone is impractical since videos may not be semantically annotated sufficiently, there... Read More about Transformation of an uncertain video search pipeline to a sketch-based visual analytics loop.

Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation (2013)
Journal Article

Mutual information (MI) is a popular similarity measure for performing image registration between different modalities. MI makes a statistical comparison between two images by computing the entropy from the probability distribution of the data. There... Read More about Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation.

Glyph sorting: Interactive visualization for multi-dimensional data (2013)
Journal Article

Copyright © 2013 The Author(s). Glyph-based visualization is an effective tool for depicting multivariate information. Since sorting is one of the most common analytical tasks performed on individual attributes of a multi-dimensional dataset, this mo... Read More about Glyph sorting: Interactive visualization for multi-dimensional data.

MatchPad: Interactive glyph-based visualization for real-time sports performance analysis (2012)
Journal Article

Today real-time sports performance analysis is a crucial aspect of matches in many major sports. For example, in soccer and rugby, team analysts may annotate videos during the matches by tagging specific actions and events, which typically result in... Read More about MatchPad: Interactive glyph-based visualization for real-time sports performance analysis.

Hierarchical event selection for video storyboards with a case study on snooker video visualization (2011)
Journal Article

Video storyboard, which is a form of video visualization, summarizes the major events in a video using illustrative visualization. There are three main technical challenges in creating a video storyboard, (a) event classification, (b) event selection... Read More about Hierarchical event selection for video storyboards with a case study on snooker video visualization.

A robust solution to multi-modal image registration by combining mutual information with multi-scale derivatives (2009)
Presentation / Conference Contribution

In this paper we present a novel method for performing image registration of different modalities. Mutual Information (MI) is an established method for performing such registration. However, it is recognised that standard MI is not without some probl... Read More about A robust solution to multi-modal image registration by combining mutual information with multi-scale derivatives.

Human-machine decision support systems for insider threat detection
Book Chapter

Insider threats are recognised to be quite possibly the most damaging attacks that an organisation could experience. Those on the inside, who have privileged access and knowledge, are already in a position of great responsibility for contributing tow... Read More about Human-machine decision support systems for insider threat detection.

Visualising state space representations of LSTM networks
Presentation / Conference Contribution

Long Short-Term Memory (LSTM) networks have proven to be one of the most effective models for making predictions on sequence-based tasks. These models work by capturing, remembering, and forgetting information relevant to their future predictions. Th... Read More about Visualising state space representations of LSTM networks.

Non-rigid elastic registration of retinal images using local window mutual information
Presentation / Conference Contribution

In this paper we consider the problem of non-rigid retinal image registration between colour fundus photographs and Scanning Laser Ophthalmoscope (SLO) images. Registration would allow for cross-comparison between modalities, giving both appearence a... Read More about Non-rigid elastic registration of retinal images using local window mutual information.

Incorporating neighbourhood feature derivatives with Mutual Information to improve accuracy of multi-modal image registration
Presentation / Conference Contribution

In this paper we present an improved method for performing image registration of different modalities. Russakoff [1] proposed the method of Regional Mutual Information (RMI) which allows neighbourhood information to be considered in the Mutual Inform... Read More about Incorporating neighbourhood feature derivatives with Mutual Information to improve accuracy of multi-modal image registration.

Improving accuracy and efficiency of registration by mutual information using Sturges’ Histogram Rule
Presentation / Conference Contribution

Mutual Information is a common technique for image registration in the medical domain, in particular where images of different modalities are to be registered. In this paper, we wish to demonstrate the benefits of applying a common method known in st... Read More about Improving accuracy and efficiency of registration by mutual information using Sturges’ Histogram Rule.

Outputs (56)