About

Dr. Phil Legg is Associate Professor in Cyber Security at the University of the West of England (UWE Bristol), UK. He is Co-Director of the UWEcyber Academic Centre of Excellence in Cyber Security Education (ACE-CSE), as recognised by the National Cyber Security Centre (NCSC). He is also Programme Leader for the NCSC-certified MSc Cyber Security.

His research intersects across Cyber Security, looking at how machine learning, visual analytics, and human-computer interaction are adopted within cyber security, to improve interpretability and understanding of risk, and to improve robustness and trust of modern security technologies. His early research addresses the robustness of machine learning and computer vision systems, as well as how such models can be utilised for insider threat detection and cyber situational awareness. More recently, he is interested in how human-machine teaming can help to establish confidence and trust in human-machine agents, and how active learning techniques can be used to interrogate model robustness and identify security vulnerabilities such as adversarial learning cases. At UWE Bristol, he is an active researcher within the Computer Science Research Centre in the Department of Computer Science and Creative Technologies.

He studied at Cardiff University for both his BSc Computer Science and his PhD Computer Science. After completing his PhD in 2010, he went on to post-doctoral research and teaching roles at Swansea University and the University of Oxford, working with a variety of stakeholders in industry and government. He then joined UWE Bristol in 2015. He holds a Postgraduate Certificate in Teaching and Learning for Higher Education (Distinction), and is a Fellow of the Higher Education Academy. He is a professional member of the IEEE and the BCS. He has CompTIA Security+ and Microsoft Azure certification.

Research

My research interests intersect Cyber Security, Machine Learning and Visual Analytics. In particular, I am interested in how we can use Machine Learning for Cyber Security, whilst ensuring that learning algorithms are robust to adversaries (e.g., "insider" threats, or those who can craft adversarial inputs). I'm also interested in how interactive ML can be used with visualisation to better facilitate cyber security analysts, creating a greater collaborative effort between human and machine analysis. Lastly, I have recently been interested in how ML can be used for cyber security defence, including the dynamic generation of deception networks, and the use of federated learning for increased privacy preservation in machine learning across distributed networks. My research has been successfully funded from a variety of external sources including UK Government and UK-based SMEs. Publication details are available on Google Scholar and my full academic profile. Example software and datasets can be found in the Resources section below.

Selected Research Projects

SCOUT: Fully automated enhanced risk assessment engine

How can machine learning be used to form greater understanding of complex and incomplete data attributes related to cyber crime, anti-money laundering, and counter-terrorism financing?
Collaboration with Synalogik Ltd.
Funded by InnovateUK. (2020-2021)
More details

CAVForth Cyber Security

What are the cyber security issues related to connected autonomous vehicles, and how can we mitigate against these in provided a fully-automated public transport service?
Collaboration with Fusion Processing Ltd. and the Bristol Robotics Laboratory.
Funded by Centre for Connected Autonomous Vehicles and InnovateUK. (2020-2021)
More details

HASTE: Human-centric active-learning for decision support in threat exploration

How can machine learning help us to understand human decision making processes? How do we incorporate human knowledge with machine learning? How do humans explore and interact with machine learning processes?
Funded by the DSTL Defence and Security Accelerator (DASA). (2018)

RicherPicture: Automated network defence through business and threat-led machine learning

How can we better understand, and better protect, our organisational situation awareness through business and threat-led machine learning?
Collaboration with Cyber Security Oxford.
Funded by the Defence Science and Technology Laboratory (DSTL). (2015-2017)

ePSA: Enhanced Cyber Security through Personal Situational Awareness

How can we enhance our understanding and control of what information our devices are sharing out, and to whom they may be sharing?
Funded by UWE Vice Chancellor's Early Career Researcher Award (2015-2016)

Visualising the Insider Threat

How can visual analytics support and relay human intution back into machine learning detection tools?
Funded by UWE Faculty of Environment and Technology (2015-2016)

Research Supervision

I currently supervise 4 PhD students in Machine Learning and Cyber Security, who as part of their research activities work collaboratively with UK-based SMEs.

Andrew McCarthy

Building Trust through Interactive Inspection of Adversarial Machine Learning Attacks.
Collaborative research project with Techmodal Ltd. (2019)

Gwyn Wilkinson

Shared Collaborative Project Planning in Secure Federated Learning Environments.
Collaborative research project with Techmodal Ltd. (2019)

Yawei Yue

Security and Privacy Behaviour Modelling and Analysing in the Internet of Things (IoT). (2019)

Teaching

I am Programme Leader for the MSc Cyber Security at UWE Bristol, which is fully certified by the National Cyber Security Centre (NCSC). I teach Information Risk Management as part of the MSc Cyber Security. I also teach Security Data Analytics and Visualisation on the undergraduate BSc Cyber Security and Digital Forensics programme. I also supervise a number of undergraduate projects and postgraduate dissertations each year.

I help to organise outreach educational activities with our local communities, involving schools and businesses. At UWE Bristol, we have hosted NCSC CyberFirst competitions and Cyber Security Challenge UK. We have also hosted education events for local school teachers, and we have industry partners that we collaborative with to deliver workshop activities.

I am also a co-founder of CISSEUK (Colloquium on Information Systems Security Education UK), a recent UK initiative with long-standing US history that seeks to develop a collaborative learning and teaching community in Cyber Security, both across the UK and with CISSE USA.

Current Taught Modules

Security Data Analytics and Visualisation (SDAV)

UFCFEL-15-3

This module was live online Autumn 2020 (UWE Teaching Block 1).
Module videos and tutorials are available via my YouTube SDAV Playlist. Other course materials (iPython Notebooks examples and assignments) available on UWE Blackboard or by request.

Computers and Network Security

UFCFVN-30-M

Currently live Spring 2021 (Teaching Block 2).

IoT Systems Security

UFCF8P-15-M

Currently live Spring 2021 (Teaching Block 2).

Critical Systems Security

UFCF7P-15-M

Next module run will be Summer 2021 (UWE Teaching Block 3).

Information Risk Management (IRM)

UFCFWN-15-M

Next module run will be Summer 2021 (UWE Teaching Block 3).

News
March 2021 - I presented at the Cardiff University Cybersecurity, Privacy and Human-Computer Collaboration Seminar: "Light bulbs and race cars: Cyber security education using remote cyber-physical systems".

February 2021 - We have been successful in attracting research funding from the Cyber Security Body of Knowledge, to pursue the project "Teaching CyBOK Cyber Physical Systems Security through interactive simulation". More details.

January 2021 - I served as Chair for the NCSC CyberFirst schools panel, and as a Panel Reviewer for the NCSC Master Certification panel.

December 2020 - Our recent survey "Deep Learning-Based Security Behaviour Analysis in IoT Environments: A Survey", has been sucecssfully published in the Security and Communication Networks journal by Hindawi. More details

November 2020 - Our recent research on evasive malware detection, "Investigating Anti-Evasion Malware Triggers Using Automated Sandbox Reconfiguration Techniques" has been successfully published in the Journal of Cybersecurity and Privacy. More details

September 2020 - I presented an online keynote at the CASUGOL Nights Out event on "Cyber Security, AI and Digital Futures".

July 2020 - We hosted a one day practical workshop via CISSEUK on Practical Cyber Security education. As part of this, we presented on novel outreach projects using video conferencing and remote IoT devices for "hacking the IoT home".

June 2020 - We had 3 papers presented at the IEEE Cyber Science 2020 virtual conference. Gwyn Wilkinson presented his work ""What did you say?": Extracting unintentional secrets from predictive text learning systems" that explores how predictive text systems can be forced to leak sensitive information. Andrew McCarthy presented his work "Shouting through letterboxes: A study on attack susceptibility of voice assistants" that looks at how voice assistents such as Amazon Alexa can be fooled to execute alternative commands. Finally, Fiona Carroll presented "The Visual Design of Network Data to Enhance Cyber Security Awareness of the Everyday Internet User" which looks at how information can be communicated with end-users to inform their understanding of their online browsing habits.

May 2020 - We are delighted to announce that our MSc Cyber Security course at UWE Bristol has been recognised by the National Cyber Security Centre for Full Certification.

April 2020 - Due to COVID-19, we have had to postpone cyber security activities whilst we move our delivery to online.

March 2020 - Working with colleagues in the Faculty of Business and Law, and with Synalogik, we have successfully attracted InnovateUK funding for developing AI methods in risk analysis and assessment. We have also successfully secured an internship working with the NCSC in the area of malware visualisation. Our UWEcyber outreach work has continued, and three students, Thomas Higgs, Pennie Spruhan, and Avin Karim, have been running Scalectrix hacking events in schools around Bristol.

February 2020 - CISSEUK hosted a one-day workshop on how we teach students about `experience'. As the main barrier to entry for many students, academics consider how best to integrate experience as a skill that students can report on when interviewing for roles. It was a productive and insightful workshop with a number of interesting outcomes reported. We also took our BSc and MSc students on a field trip to Abertay University, to the Securitay Conference. This is a largest student-organised security conference in Europe, and was a fantastic opportunity to offer our students.

January 2020 - I am working with colleagues in the Bristol Robotics Laboratory on the ``CAVForth'' project. This project is exploring the cyber security considerations around Connected and Autonomous Vehicles, to develop a fully autonomous bus for commuting on the Forth bridge in Edinburgh. I also acted as an External PhD Examiner at Cardiff University, reviewing work in the area of malware analysis and propagation via social networks.

Resources

Research Resources

PhishVis

Node-link Python Flask application for assessing email activity, which was used to demonstrate the propagation of a spearphishing 'blue button' campaign. Please Note: The software download DOES NOT contain the original dataset - please email to request access.
Download the Open Access Paper.
Download the Software.
Watch the video.

HASTE

Interactive learning tool that brings together object detection, semantics and positional information, and incorporates eye-tracking and mouse activity capture to identify human reasoning process.
Watch the video.
Software available from GitLab - please email to request access.

ActiVAte

Visual Analytics in Active Machine Learning.
Download the Open Access Paper.
Software available from GitLab - please email to request access.

InsiderThreatVis

Tool that combines iPCA and radial activity visualisation to identify malicious users.
Download the Open Access Paper.
Download the CMU CERT Insider Threat Dataset.
Watch the video.
Software available from GitLab - please email to request access.

Interactive PCA

An example Python Flask application for Interactive Principal Component Analysis (PCA).
Download the Software.

Videos

You can find more videos on my YouTube channel - covering SDAV, IRM, MSc Cyber Security talks, research activities, and other useful materials.

Contact

If you are interested in my work please do get in touch (Phil.Legg@uwe.ac.uk). I am always keen to discuss new opportunities for collaboration, whether this be research, teaching, outreach or external engagement.