Dr. Phil Legg is Associate Professor in Cyber Security at the University of the West of England (UWE Bristol), UK. He is also the Programme Leader for the NCSC-certified MSc Cyber Security, and is Co-Director of UWEcyber.
His research intersects across Cyber Security, looking at how machine learning, visual analytics, and human-computer interaction are adopted within cyber security, to improve interpretability and understanding of risk, and to improve robustness and trust of modern security technologies. His early research addresses the robustness of machine learning and computer vision systems, as well as how such models can be utilised for insider threat detection and cyber situational awareness. More recently, he is interested in how human-machine teaming can help to establish confidence and trust in human-machine agents, and how active learning techniques can be used to interrogate model robustness and identify security vulnerabilities such as adversarial learning cases. At UWE Bristol, he is an active researcher within the Computer Science Research Centre in the Department of Computer Science and Creative Technologies.
He studied at Cardiff University for both his BSc Computer Science and his PhD Computer Science. After completing his PhD in 2010, he went on to post-doctoral research and teaching roles at Swansea University and the University of Oxford, working with a variety of stakeholders in industry and government. He then joined UWE Bristol in 2015. He holds a Postgraduate Certificate in Teaching and Learning for Higher Education (Distinction), and is a Fellow of the Higher Education Academy. He is a professional member of the IEEE and the BCS. He has CompTIA Security+ and Microsoft Azure certification.
My research interests intersect Cyber Security, Machine Learning and Visual Analytics. In particular, I am interested in how we can use Machine Learning for Cyber Security, whilst ensuring that learning algorithms are robust to adversaries (e.g., "insider" threats, or those who can craft adversarial inputs). I'm also interested in how interactive ML can be used with visualisation to better facilitate cyber security analysts, creating a greater collaborative effort between human and machine analysis. Lastly, I have recently been interested in how ML can be used for cyber security defence, including the dynamic generation of deception networks, and the use of federated learning for increased privacy preservation in machine learning across distributed networks. My research has been successfully funded from a variety of external sources including UK Government and UK-based SMEs. Publication details are available on Google Scholar and my full academic profile. Example software and datasets can be found in the Resources section below.
How can machine learning be used to form greater understanding of complex and incomplete data attributes related to cyber crime, anti-money laundering, and counter-terrorism financing?
Collaboration with Synalogik Ltd.
Funded by InnovateUK.
More details
What are the cyber security issues related to connected autonomous vehicles, and how can we mitigate against these in provided a fully-automated public transport service?
Collaboration with Fusion Processing Ltd. and the Bristol Robotics Laboratory.
Funded by Centre for Connected Autonomous Vehicles and InnovateUK.
More details
How can machine learning help us to understand human decision making processes? How do we incorporate human knowledge with machine learning? How do humans explore and interact with machine learning processes?
Funded by the DSTL Defence and Security Accelerator (DASA).
How can we better understand, and better protect, our organisational situation awareness through business and threat-led machine learning?
Collaboration with Cyber Security Oxford.
Funded by the Defence Science and Technology Laboratory (DSTL).
How can we enhance our understanding and control of what information our devices are sharing out, and to whom they may be sharing?
Funded by UWE Vice Chancellor's Early Career Researcher Award
How can visual analytics support and relay human intution back into machine learning detection tools?
Funded by UWE Faculty of Environment and Technology
I currently supervise 4 PhD students in Machine Learning and Cyber Security, who as part of their research activities work collaboratively with UK-based SMEs.
Building Trust through Interactive Inspection of Adversarial Machine Learning Attacks.
Collaborative research project with Techmodal Ltd.
Creating Machine Intelligence with Intelligent Interactive Visualisation.
Collaborative research project with Montvieux Ltd.
Shared Collaborative Project Planning in Secure Federated Learning Environments.
Collaborative research project with Techmodal Ltd.
Security and Privacy Behaviour Modelling and Analysing in the Internet of Things (IoT)
I am Programme Leader for the MSc Cyber Security at UWE Bristol, which is fully certified by the National Cyber Security Centre (NCSC). I teach Information Risk Management as part of the MSc Cyber Security. I also teach Security Data Analytics and Visualisation on the undergraduate BSc Cyber Security and Digital Forensics programme. I also supervise a number of undergraduate projects and postgraduate dissertations each year.
I help to organise outreach educational activities with our local communities, involving schools and businesses. At UWE Bristol, we have hosted NCSC CyberFirst competitions and Cyber Security Challenge UK. We have also hosted education events for local school teachers, and we have industry partners that we collaborative with to deliver workshop activities.
I am also a co-founder of CISSEUK (Colloquium on Information Systems Security Education UK), a recent UK initiative with long-standing US history that seeks to develop a collaborative learning and teaching community in Cyber Security, both across the UK and with CISSE USA.
UFCFEL-15-3
This module run is currently live from October 2020 (UWE Teaching Block 1).
Module videos and tutorials available via my YouTube channel. Other course materials (iPython Notebooks examples and assignments) available on UWE Blackboard or by request.
UFCFWN-15-M
Next module run will be April 2021 (UWE Teaching Block 3).
Investigating Anti-Evasion Malware Triggers Using Automated Sandbox Reconfiguration Techniques
Download the Open Access Paper.
Download the MORRIGU Project.
Download the MORRIGU Sample Dataset.
Node-link Python Flask application for assessing email activity, which was used to demonstrate the propagation of a spearphishing 'blue button' campaign. Please Note: The software download DOES NOT contain the original dataset - please email to request access.
Download the Open Access Paper.
Download the Software.
Watch the video.
Interactive learning tool that brings together object detection, semantics and positional information, and incorporates eye-tracking and mouse activity capture to identify human reasoning process.
Watch the video.
Software available from GitLab - please email to request access.
Visual Analytics in Active Machine Learning.
Download the Open Access Paper.
Software available from GitLab - please email to request access.
Tool that combines iPCA and radial activity visualisation to identify malicious users.
Download the Open Access Paper.
Download the CMU CERT Insider Threat Dataset.
Watch the video.
Software available from GitLab - please email to request access.
An example Python Flask application for Interactive Principal Component Analysis (PCA).
Download the Software.
You can find more videos on my YouTube channel - covering SDAV, IRM, MSc Cyber Security talks, research activities, and other useful materials.
If you are interested in my work please do get in touch (Phil.Legg@uwe.ac.uk). I am always keen to discuss new opportunities for collaboration, whether this be research, teaching, outreach or external engagement.