Assessing the Health of a Network Under Attack

When faced with a malware outbreak, the health of a computer network is hard to quantify. Calculating the number of infected nodes is a straightforward approach, but it fails to capture intricacies of the devices that make up the network. The choice between which of two network states is preferable might not correlate directly with the number of infected nodes in each, as different nodes carry different importance to the overall function of the network. In this paper we propose a method of assessing the health of a network under attack from a malware outbreak. The proposed method allows for a quantitative measure of how well a network is handling a malware outbreak, as well as the comparison between different network states and the ranking of possible mitigating actions. The method proposed can be adapted to different networks, with its usefulness increasing with the amount of data available for a given network.

Spreading the Word: Exploring a Network of Mobilizing Messages in a Telegram Conspiracy Group

Telegram’s design prioritizes user security and minimal content moderation, making it appealing for communities banned from mainstream platforms, such as conspiracy influencers or far-right movements. We examine the bi-directional behavior of users in a conspiratorial Telegram group chat during the COVID-19 pandemic from 2020-2023. We find that the network structure of this community evolved throughout the pandemic, where the network grew both in the number of active users, as well as in the number of interactions. This increased interconnectivity coincided with surges in planning discussions for associated offline protests. We note that Telegram is the ideal platform for large-scale mobilization due to affordances including lack of content moderation which encourages more extreme speech, and other affordances that promote community engagement.

Rage against the machine: exploring violence and emotion in conspiracy narratives on Parler

The mainstreaming of conspiracy narratives has been associated with a rise in violent offline harms, from harassment, vandalism of communications infrastructure, assault,and in it’s most extreme form, terrorist attacks. Group-level emotions of anger, contempt, and disgust have been proposed as a pathway to legitimizing violence. Here, we examine expressions of anger, contempt, and disgust as well as violence, threat, hate, planning, grievance, and paranoia within various conspiracy narratives on Parler. Wefound significant differences between conspiracy narratives for all measures and narratives associated with higher levels of offline violence showing greater levels of expression.

Original preprint: "Social Media APIs: A Quiet Threat to the Advancement of Science": psyarxiv, pdf

SANTA: Semi-supervised Adversarial Network Threat and Anomaly Detection System

With the exponential increase in devices connected to the Internet, the risk of security breaches has in turn led to an increase in traction for machine learning based intrusion detection systems. These systems involve either supervised classifiers to detect known threats or unsupervised techniques to separate anomalies from normal data. Supervised learning enables accurate detection of known attack behaviours but requiring quality ground-truth data, it is ineffective against new emerging threats. Unsupervised learning-based systems address this issue due to their generalizable approach; however, they can result in a high false detection rate and are generally unable to detect specific types of each threat. We propose an ensemble technique that addresses the shortcomings of both approaches through a semi-supervised approach which detects both known and unknown threats in the network by analysing traffic metadata. The robust approach integrates A) an adversarial regularisation based autoencoder for unsupervised representation learning and B) supervised gradient boosted trees to detect the type of detected threats. The adversarial regularisation enables a reduced false positive rate and the combination of the autoencoder with the supervised stage enables resiliency against class imbalance and caters to the ever-evolving threat landscape by detecting previously unseen threats and anomalies. SANTA’s ability to detect never-before-seen threats also indicates its potential to address the concept drift, a phenomenon where the known threat changes its behaviour/attack sequence over time. The system is evaluated on the CSE-CIC-IDS2018 dataset, and the results confirm the resilience and adaptability of the SANTA system against known shortcomings of both supervised and unsupervised approaches.

Platform-controlled social media APIs threaten Open Science

Social media data enable insights into human behaviour. Researchers can access these data via platform-provided Application Programming Interfaces (APIs), but these come with restrictive usage-terms that mean studies cannot be reproduced or replicated. Platform-owned APIs hinder access, transparency, and scientific knowledge.

Original preprint: "Social Media APIs: A Quiet Threat to the Advancement of Science": psyarxiv, pdf

Security of Input for Authentication in Extended Reality Environments

In this concept paper, we evaluate the security impact of accelerometer data for authentication in extended reality (XR) environments. Currently, there is a lack of authentication mechanisms in VR/XR environments. Most authentication is carried out through PINs and passwords which detracts from the immersive experience and inconveniences the user. Motion-based gesture techniques have recently shown potential in authentication users in VR environments. However, the state-of-the-art works have not considered the issue of VR being a visible activity which would yield gestures used to authenticate vulnerable to mimicry. We demonstrate how subtle changes to a user interface (UI) can increase the complexity and cost of eavesdropping on users in VR environments, and propose directions for future research. We call on the industry to acknowledge and design around the unique security challenges of authentication in VR.

Cryptocurrency Analytics

Bitcoin, a decentralised, tamper-resistant and cryptographic digital currency based on blockchain was introduced over a decade ago in response to the role of banks in the financial crisis. There are now thousands of competing cryptocurrencies with different technical characteristics that offer different efficiency, security, anonymity and capability though only a handful are used in any scale. Although usage has remained modest, Bitcoin spawned a whole ecosystem of cryptocurrencies with a peak market value of 800 billion USD.

One of the biggest misconceptions around blockchain is that it is an anonymous means of conducting financial transactions. Blockchain is a form of distributed database that resists tampering and enables trustless transactions between multiple participants through cryptographic signatures to securely and verifiably record exchanges. Not all blockchains are the same and not all of them are intended to replace currency.

Cryptocurrencies are easily purchased through mainstream exchanges with credit card and mobile apps and they are now of major significance to cyber security. For the operators of ransomware, Bitcoin is a desirable payment option due to the ease of access for victims. Dark net markets often utilise cryptocurrencies as unlike other payment methods, the censor-resistance of the technology means it is not possible for law enforcement to shut down payments.

Whilst Bitcoin lacks anonymity, it is relatively easy and cheap to obfuscate the source and destination of funds by making a series of convoluted transactions. The presence of unregulated exchanges also enables easy conversion to traditional currencies without appropriate checks. However, despite negative media perceptions, there are many legitimate businesses utilising cryptocurrencies. For these organisations, ensuring they perform due diligence with regards to anti-money laundering and related regulation is a significant challenge.

Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations

Extended reality technologies such as virtual reality are becoming increasingly common for enterprise applications. They have the potential to create secure multi-user environment in previously less-secure spaces, without the need for privacy filters or secure rooms. In this pilot paper we explore how malicious actors may be able to eavesdrop on a virtual reality session, by tracking the physical movements of a user. This is carried out using a third-party accelerometer, attached to the user. Through initial experimentation, we observe that specific actions and session types can be identified through visual analysis of the accelerometer. We posit there is substantial potential for sophisticated and automatic classification of user activity in VR. We discuss how this may enable eavesdropping by malicious actors, or could serve as a mechanism for improved security.

Unconventional Mechanisms for Biometric Data Acquisition via Side-Channels

In this paper, we discuss the proliferation of household smart devices and review the literature to explore whether the implementation characteristics of such systems may provide avenues of attack to obtain private biometric data. Examples include the use of mechanical hard drives as audio microphones and interception of soft-keyboard input through audio analysis of haptic feedback. As the use of biometric data increases in casual environments, the opportunity for it to be stolen in unexpected ways is also increasing. There are many examples of the technology being utilised by hackers to enable unexpected use such as spoofing. We examine the importance and sanctity of biometric data in the modern world and posit that manufacturers must avoid complacency and advocate secure design, to ensure security and privacy of users.

Cryptocurrency Analytics

Bitcoin, a decentralised, tamper-resistant and cryptographic digital currency based on blockchain was introduced over a decade ago in response to the role of banks in the financial crisis. There are now thousands of competing cryptocurrencies with different technical characteristics that offer different efficiency, security, anonymity and capability though only a handful are used in any scale. Although usage has remained modest, Bitcoin spawned a whole ecosystem of cryptocurrencies with a peak market value of 800 billion USD.

One of the biggest misconceptions around blockchain is that it is an anonymous means of conducting financial transactions. Blockchain is a form of distributed database that resists tampering and enables trustless transactions between multiple participants through cryptographic signatures to securely and verifiably record exchanges. Not all blockchains are the same and not all of them are intended to replace currency.

Cryptocurrencies are easily purchased through mainstream exchanges with credit card and mobile apps and they are now of major significance to cyber security. For the operators of ransomware, Bitcoin is a desirable payment option due to the ease of access for victims. Dark net markets often utilise cryptocurrencies as unlike other payment methods, the censor-resistance of the technology means it is not possible for law enforcement to shut down payments.

Whilst Bitcoin lacks anonymity, it is relatively easy and cheap to obfuscate the source and destination of funds by making a series of convoluted transactions. The presence of unregulated exchanges also enables easy conversion to traditional currencies without appropriate checks. However, despite negative media perceptions, there are many legitimate businesses utilising cryptocurrencies. For these organisations, ensuring they perform due diligence with regards to anti-money laundering and related regulation is a significant challenge.

Simulation of Malware Propagation and Effects in Connected and Autonomous Vehicles

Connected and autonomous vehicles (CAVs) are an emerging technology that will introduce new threats to the general public. Impending standards (such as ISO21434) demonstrate that there is a real cyber security risk and a need for supporting infrastructure in the form of vehicle security operations centre. In this concept paper we discuss some of the issues facing vehicle security as the technology matures over the next few years and look at how epidemiological models for malware might be developed to address concerns over vehicle cyber threats. We detail our development of Mobius, a bespoke tool for simulating and analysing malware events in CAVs and explore how the technology might be applied to support real-world decision making. As a part of the need for cyber resilience, we suggest there is a key role for vehicle simulation software capable of modelling cyber threats to assist with threat analysis and decision making for highway authorities, OEMs and fleet operators, amongst others. We present a summary of compartmental epidemiological models and the role they can play in understanding malware propagation for CAVs.

Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks

In this paper, we show that analysis of acoustic emanations recorded from haptic feedback during gesture-typing sessions is a viable side-channel for carrying out eavesdropping attacks against mobile devices. The proposed approach relies on acoustic emanation resulting from haptic events, namely the buzz of a small vibration motor as the finger initiates the gesture-typing of a work in a sentence. By analysing time between haptic feedback events, it is possible to identify the text that a user enters via the soft keyboard on their device. The attack requires no prior interaction or need to install software on the target device (unlike similar works); only the ability to record audio within the vicinity. We present an experimental framework to illustrate the feasibility of the attack. In the experiments we show that sentences can be detected with an accuracy of 70% with some sentences identified with up to 95% accuracy. The attack can be conducted with minimal computation and on non-specialist consumer equipment. The paper concludes by proposing a number of countermeasures that mitigate the ability of an attacker to successfully intercept keyboard input.

Automated diagnosis of prostate cancer with statistical models

Prostate cancer (PCa) is the most common cancer affecting men and though it is often treatable, late detection and/or incorrect classification of cancer can lead to inadequate treatment. The most common imaging modalities used in PCa detection are ultrasound (US) and magnetic resonance (MR) imaging and PCa classification relies on biopsy of cancer. Biopsy procedures are invasive and notorious for poor detection rates and associated risks. The automatic analysis of prostate US and MR data towards PCa classification is expected to improve patient outcomes and is at the foundation of this thesis.

This is an investigation into the use of multiscale intensity features and tissue distribution maps for improve prostate cancer diagnosis and staging. Early PCa diagnosis is problematic and requires invasive procedures that can carry risk without a high degree of sensitivity. With the help of enhanced imaging and the application of computer aided methods we can aim to improve diagnostic accuracy. In our efforts towards improved PCa diagnosis we have presented three major pieces of work, covering image pre-processing, classification and disease modelling.

Firstly, we have investigated denoising of US images and compared four different approaches on simulated and real data, which indicated the advantage that Speckle Reducing Anisotropic Diffusion has over the other methods investigated. We examine work presented in existing publications and hypothesise that there exists potential for further analysis of speckle noise as an indicative feature of images.

Secondly, for MR images we present a novel texture-based segmentation of PCa within the prostate. We investigated a number of texture features (e.g. local binary patterns and co-occurrence matrices) and their use in combination, which were effective at detecting PCa, but at the cost of a high number of false positive regions. This also indicated poor performance due to having the peripheral and central zone combined. We suggest that the use of multi-scale features, making use of local statistics, co-occurrence and micro-structures (through LBPs) provides a robust means of differentiating tissue types within the prostate.

Thirdly, we propose a data driven approach for modelling prostate cancer. Using prostate and disease boundary information from experts, we performed registration of multiple patient cases to generate a model of tumour tissue distribution. The model serves as an \textit{a priori} data source to enhance prostate tissue classification and is in line with expectations (majority projection within the peripheral zone) when compared to standard medical knowledge. We refer to this as a prostate cancer distribution map.

We combine our PCa distribution map with our previous method for tissue detection within the prostate and demonstrate that it provides enhance classification results. The distribution map aligns with the peripheral zone in the majority of test cases, which helps to minimise bias from features in other regions of the prostate.

We analyse the results of our research and propose several modifications. The investigated techniques could form the basis for a PCa computer aided diagnosis system, which is discussed.

Bitcoin Transaction Analysis with Machine Learning

Although the blockchain does not provide a link to real-world entities, it contains detailed information of all transactions. We employ state-of-the-art machine learning and visualisation to help analysts identify connected wallets.

Teaching Computational Thinking by Playing Games and Building Robots

Computing in schools has gained momentum in the last two years resulting in GCSEs in Computing and teachers looking to up skill from Digital Literacy (ICT). For many students the subject of computer science concerns software code but writing code can be challenging, due to specific requirements on syntax and spelling with new ways of thinking required. Not only do many undergraduate students lack these ways of thinking, but there is a general misrepresentation of computing in education. Were computing taught as a more serious subject like science and mathematics, public understanding of the complexities of computer systems would increase, enabling those not directly involved with IT make better informed decisions and avoid incidents such as over budget and underperforming systems. We present our exploration into teaching a variety of computing skills, most significantly "computational thinking", to secondary-school age children through three very different engagements. First, we discuss Print craft, in which participants learn about computer-aided design and additive manufacturing by designing and building a miniature world from scratch using the popular open-world game Mine craft and 3D printers. Second, we look at how students can get a new perspective on familiar technology with a workshop using App Inventor, a graphical Android programming environment. Finally, we look at an ongoing after school robotics club where participants face a number of challenges of their own making as they design and create a variety of robots using a number of common tools such as Scratch and Arduino.

Creative Computing with Minecraft

Computer Science in schools has gained momentum in the last two years resulting in GCSEs in the discipline and teachers looking to up-skill from Digital Literacy (ICT). This paper explores using the popular online 3D environment Minecraft as a tool for understanding computational thinking, computer aided design (CAD) and manufacturing.

MR/TRUS data fusion for improved diagnosis and staging

Prostate cancer diagnosis is typically achieved through a series of PSA, DRE and TRUS biopsy procedures. As the cost, ease and availability of imaging changes, MR becomes a candidate for casual prostate cancer screening.

Current approaches to the fusion of MRI and US information tend to rely on manual intervention or bespoke technology.

Our research concerns automatic segmentation and matching of the prostate across modalities; including registration between common 2D TRUS and 3D MR. The outcome of this fusion will form the basis for clinical evaluation with respect to diagnosis and localisation of prostate cancer.

Ultrasound is a notoriously difficult imaging modality; by introducing information from MR we can provide urologists with a means of performing highly targeted biopsies where this is not typically possible. Not only could this work improve the accuracy of biopsy, but also provide further information for staging, thus enhancing clinical decision making ,leading to the most effective therapy

Acquisition of a priori Information from Groupwise Registration of Inter-Patient Prostate Boundaries in MR

Registration is a complex computer vision issue that can be simplified with the aid of prior knowledge. In this paper we present the application of the groupwise method known as congealing with prostate boundaries to derive a series of transforms that can be applied to other foci for registration. Congealing provides us with transformation vectors for each image that we apply to known tumour boundaries in order to obtain a probability distribution for use as prior knowledge in future work. In this way we are able to visualise tumour locations on an mean prostate representation and provide a ‘cancer prior’ for future prostate work. The results of our initial experiment demonstrate a reliable set of affine transforms for use with prostate MR.

Coping with Noise in Ultrasound Images: A review

Ultrasound is notorious for having significant noise with a low signal-to-noise ratio. This inhibits the performance of segmentation and causes difficulty for clinical evaluation, thus noise reduction is paramount to achieving adequate segmentation in ultrasound images. Consequently, the modeling and handling of noise is a significant area of research. In this review paper we introduce the typical characteristics of noise in B-mode ultrasound and analyse th performance of multiple state-of-the-art methodologies for dealing with such noise. A similar paper was written by by Coupé et al. when they introduced OBNLM; though we provide an independent review and generalised description of the problem area. We also discuss the issue of typical image quality assessment methods and consider the impact speckle noise could have on ultrasound image analysis. Three state-of-the-art denoising algorithms (SRAD, SBF, and OBNLM) are evaluated using three different image quality assessment methods (SSIM, MSE and USDSAI) in comparison with traditional filters such as Lee’s. We worked with simulated phantom images, as well as prostate ultrasound images to assess these methods. SRAD and OBNLM seem to be the most effective algorithms and in our discussion we contemplate ways in which they might be further expanded.

2022 E&T Best Innovation in Intelligent Systems

My team's project Inflame, BT's epidemiological malware modelling tool won both the Innovation awards for Intelligent Systems and Cyber Security, as well as taking a silver prize for overall Innovation.

Developing cutting edge capabilities with inflame - epidemiological malware simulation and automated response using deep reinforcement learning.

“The application of epidemiological threat modelling and reinforcement learning to the fight against malware is a significant innovation in an area where continual improvement is desperately needed to keep up with ever evolving threats and to react faster to time critical incidents.”

2022 E&T Best Innovation in Cyber Security and Information Assurance

My team's project Inflame, BT's epidemiological malware modelling tool won both the Innovation awards for Intelligent Systems and Cyber Security, as well as taking a silver prize for overall Innovation.

Developing cutting-edge capabilities with inflame - epidemiological malware simulation and automated response using deep reinforcement learning.

“Both in established and developing nations, ransomware is a critical threat facing businesses and critical national infrastructure. Inflame’s application of epidemiological modelling to enhance response shows great potential to minimise the spread of internal infections and aid rapid containment.”

2020 E&T Excellence In Cyber Security

Connected and autonomous vehicles (CAVs) will see the spread of malware between vehicles. BT has developed Mobius, a cutting-edge geo analytics and malware simulation framework. Mobius enables anomaly detection and simulation for cyber physical traffic incidents. This will help detect, assess and prevent attacks on future vehicles.

2020 IEEE ISI Best Presentation Award

The "2020 IEEE ISI Best Presentation Award" will recognize an outstanding exhibition of research.

T. Andrade, M. Smith-Creasey and J. F. Roscoe, "Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations", International Conference on Intelligence and Security Informatics (ISI), IEEE, 2020 (Best Presentation Award)

TEISS Information Security Award 2018

We won the overall Information Security award for our submission, "Visualisation and Automated Detection of Cryptocurrency Transactions for Cyber Investigations".

ITP Innovator of the Year 2018

Innovator of the Year, sponsored by Nokia

https://www.theitp.org/annual_dinner_2018/itp_awards_2018

This was awarded for work supporting analysts with new research tools relating to cryptocurrency forensics.