Dr. Phil Legg is an Associate Professor in Cyber Security and Programme Leader for MSc Cyber Security at the University of the West of England (UWE Bristol), UK. His research interests address many aspects of Cyber Security, including how machine learning, visual analytics, and human-computer interaction are used within cyber security, to improve interpretability and understanding of risk, and to improve robustness and trust of modern security technologies. His research ranges from insider threat detection and cyber situational awareness, through to human-machine teaming for assessing confidence and trust of multiple agents, and active adversarial machine-learning for identifying security vulnerabilities in learning systems. At UWE Bristol, he is an active researcher within the Computer Science Research Centre in the Department of Computer Science and Creative Technologies.

He holds a B.Sc. and Ph.D., both in Computer Science, from Cardiff University. He has also held post-doctoral research and teaching roles at Swansea University and the University of Oxford. He holds a Postgraduate Certificate in Teaching and Learning for Higher Education (Distinction), and is a Fellow of the Higher Education Academy. He is also a professional member of the IEEE and the BCS.

More details available here...


May 2019 - Jonathan White (MSc Cyber Security student) has been awarded a NCSC Summer Internship to work on ``Improving cyber security in the home: detection, analysis, and understanding of IoT and home network threats for non-expert users.'' We also had the official launch event of our new Cyber Security enterprise studio, with Chris Skidmore MP, Minister of State for Universities, Science, Research and Innovation. The studio will aims to bring students and industry closer to work on short projects. The initiative is supported by the Institute of Coding.

April 2019 - Our recent work (Xu, Cao, Li, Legg, P. and Liu) entitled ``Venue2Vec: An efficient embedding model for fine-grained user location prediction in geo-social networks'' has been published in the IEEE Systems journal. Our work on establishing a UK community within cyber security education with colleagues from Abertay and Kingston was presented at the NCSC flagship conference, CYBER UK.

March 2019 - Our recent work (Mills, Spyridopoulos, Legg) entitled ``Efficient and Interpretable Real-Time Malware Detection Using Random-Forest'' has been accepted for the 2019 IEEE International Conference on Cyber Situational Awareness (CyberSA). Alan Mills (2nd year BSc Forensic Computing and Security undergraduate at UWE) led the work on developing a light-weight Raspberry Pi malware classifier system that not only detects malware in real-time, but also allows users to examine and assess how the classifier has made the decision. He will present the work at this year's conference, which will be held at the University of Oxford in June.

February 2019 - Our recent work on human-machine collaboration to improve performance of active machine learning has been published in the Human-centric Computing and Information Sciences journal. The work by our team (Legg, Smith, Downing) studies how visual analytics can help inform humans in the development of machine learning models to identify limitations and robustness of models when learning from small limited data samples. We also demonstrate how both humans and machines can inform each other on their levels of confidence when performing such tasks, to suitably account for uncertainty in further decision-making tasks.

January 2019 - I served on the National Cyber Security Centre (part of GCHQ) assessment panel for the Academic Centres of Excellence in Cyber Security Research Doctoral Studentships Programme.
December 2018 - I attended the National Cyber Security Centre (NCSC) annual education event, "Inspiring and educating future generations in cyber security". At the event, colleagues and I presented our work on developing a greater sense of community and sharing within UK cyber security education. We launched the UK Chapter of the Colloqium for Information Systems Security Education (CISSE UK).

November 2018 - I am currently recruiting for a 3-year fully-funded PhD scholarship, working in the area of Cyber Security at UWE Bristol. This project aims to explore the utilisation of Blockchain technology within secure military defence environments, for sharing of collaborative supply chain documents that may contain both public and private elements. The project is funded jointly by UWE Bristol and Techmodal Ltd. Please get in touch if you are interested or would like to discuss this post further. Full details are available here.

October 2018 - I presented research at the 1st Interdisciplinary Symposium on Organised Crime, on the topic of "Cybercrime and insider threat - can AI save us from these adversaries?", hosted by the Centre for Applied Legal Research at UWE Bristol. I also attended the South West Security Awareness Special Interest Group (SASIG) event in Bristol.

September 2018 - I successfully completed the Cybersecurity Infrastructure Configuration training with Palo Alto Networks, to become a Palo Alto Networks Cybersecurity Academy Instructor. I presented our DASA-funded project on "Human-centric Active-learning for decision Support in Threat Exploration" at the DSTL Science and Technology Autonomy event. I am also delighted to announce that have recently been appointed to the position of Associate Professor of Cyber Security at UWE Bristol.

August 2018 - Research by PhD candidate Emmanuel Smith entitled ``Visualising State Space Representations of LSTM Networks'' has been accepted for the Workshop on Visualization for AI Explainability, co-located with IEEE VIS 2018.

July 2018 - Two undergraduate students have joined the Computer Science Research Centre that I am supervising as part of the UWE Summer Internship Scheme. Adam Chakof is working with myself and Dr. Fiona Carroll on visualising cyber space for non-expert users, and Anirudh Singh is working with myself and Prof. Jim Smith on understanding user confidence and trust when labelling data for machine learning classifiers.

June 2018 - I am attending the Colloquium for Information Systems Security Education (CISSE) in New Orleans with colleagues from academia and government, as part of an initiative for developing a UK cyber security skills network. I am also presenting as part of the Bristol Festival of Learning, on the topic of "What do we really mean by Cyber Security?"

May 2018 - I served as an assessment panel member for the 2018 UKRI Centre for Doctoral Training in Artificial Intelligence outline stage.

April 2018 - I am a Program Chair for the International Conference on Engineering Applications of Neural Networks (EANN 2018), that will be held at UWE Bristol in September. I am also a Session Chair for Collective, Distributed and Multi-Criteria Decision-Making Approaches for Supporting Cyber-Physical Security Analytics at the IEEE International Conference on Systems, Man and Cybernetics (SMC 2018) - The Making of a Human-Centered Cyber World.

March 2018 - I have been appointed as programme leader for the new MSc Cyber Security at UWE Bristol. We are currently looking to recruit talented and motivated students who are interested to gain skills for dealing with modern threats in cyber space, for our first intake of September 2018. Please visit the course page for futher detail and information on how to apply.

February 2018 - Research by our team in the AI group (Smith, Legg, Matovic) and the UWE psychology department (Kinsey) has been accepted for journal publication in ACM Transactions on Interactive Intelligent Systems (TiiS). The paper, entitled "Predicting User's Confidence during Visual Decision Making" will be included in an upcoming special issue on the topic of Human-Centered Machine Learning.

January 2018 - Our team (Legg, Smith, Preen) have been awarded funding by the Defence Science and Technology Laboratory (DSTL) in order to conduct research on human-machine collaboration. The Defence and Security Accelerator (DASA) project, entitled "HASTE: Human-centric Active-learning for decision Support in Threat Exploration" will commence from February 2018.
December 2017 - I gave a guest lecture to the HCI research group at the University of Bristol, on ``Visual Analytics and Human-Machine Collaboration for Insider Threat Detection''. I was also invited to be a guest judge at the Techmodal Raspberry Pi developer contest.

November 2017 - I served on the National Cyber Security Centre (part of GCHQ) assessment panel for the Academic Centres of Excellence in Cyber Security Research Doctoral Studentships Programme.

October 2017 - Professor Min Chen (University of Oxford) presents our recent work at IEEE VIS in Phoenix, Arizona USA, on how communication theory can inform design separability in glyph visualisation, with a use case of visualising collaborative employee activity across complex shared file servers.

September 2017 - Emmanuel Smith presents our recent work on time-series event prediction using Long Short-Term Memory networks at the UK Workshop on Computational Intelligence in Cardiff.

August 2017 - I was invited to Adarga to give a talk on "Human-Machine Collaboration in Active Machine Learning".

July 2017 - Alexander Downing (1st Year Undergraduate at UWE Bristol) joins the AI research group on a 10-week Summer Internship scheme, working with Dr. Legg to develop visual analytic tools for interacting with machine learning processes.

June 2017 - Dr Arnau Erola (University of Oxford) presents our recent work for the DSTL-funded RicherPicture project, on context-aware data analytics for improving organisational cyber security at the International Conference of Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) in London.

May 2017 - I was interviewed by the Bristol Post to advise on how to stay safe online, following the recent WannaCry global cyber attack.

January 2017 - My book chapter on developing human-machine decision support systems for insider threat detection has been accepted for the upcoming Springer edited book, "Data Analytics and Decision Support in Cybersecurity".



Many of the research projects I am involved with sit at the intersection of data visualisation, visual analytics, machine learning, and cyber security. I am keen to establish new multi-disciplinary collaborations so that my expertise can provide practical real-world solutions for others. I can also offer business consultancy to help transform research ideas into practical development of software tools. If you would like to discuss potential opportunities further then please e-mail me at phil.legg@uwe.ac.uk.

Human-centric Active-learning for decision Support in Threat Exploration

How can machine learning help us to understand human decision making processes? How do we incorporate human knowledge with machine learning? How do humans explore and interact with machine learning processes?
Funded by the Defence and Security Accelerator (DASA), part of the Defence Science and Technology Laboratory

Selected Publications

Human-Centric Machine Learning

How can machine learning help us to understand human decision making processes? How can we understand and cater for the confidence of both user and machine? Can understanding confidence and process result in building greater trust between user and machine?
Funded by Faculty of Environment and Technology HEFCE QR

Selected Publications

Creating Machine Intelligence with Intelligent Interactive Visualisation

How can we predict global news occurrences using deep learning techniques? How can we reason about the predictions of such a complex system using interactive visualisation techniques?
PhD Student: Emmanuel Smith
Co-Supervised with Professor Jim Smith
Funded by UWE 50-50 PhD Studentship Scheme in collaboration with Montvieux

Selected Publications


How can we better understand, and better protect, our organisational situation awareness through business and threat-led machine learning?
Collaboration with University of Oxford
Funded by Defence Science and Technology Laboratory

Selected Publications

Enhanced Personal Situational Awareness

How can we enhance our understanding and control of what information our devices are sharing out, and to whom they may be sharing?
Funded by Vice Chancellor's Early Career Researcher Award

Selected Publications

Research Resources:


During the 2018-2019 academic year, I am involved with the following modules:

Details on previous teaching, and other useful teaching resources are available here.


For all enquiries, please e-mail phil.legg@uwe.ac.uk

Office 2Q17
Department of Computer Science and Creative Technologies
University of the West of England
Frenchay Campus
Coldharbour Lane
BS16 1QY