Prof. Phil Legg

The rapid deployment of 5G and Beyond-5G (B5G) edge networks introduces unique challenges for federated learning (FL) frameworks deployed at the edge, primarily due to heterogeneous non-IID data distributions and adversarial vulnerabilities. This paper proposes an adversarially robust federated learning (ARFL) mechanism that integrates hybrid feature selection and adversarial optimization to jointly enhance robustness against adversarial perturbations and improve computational efficiency under heterogeneous data distributions. The proposed methodology jointly optimizes classifier and adversary in a min–max formulation to enable robustness against perturbations of varying strengths. Experimental results on a real-world intrusion detection 5G-NIDD dataset demonstrates that standard FL suffers drastic deterioration under adversarial conditions, with accuracy, precision, recall, and F1-scores dropping to 20%–30% at ϵ=0.3. In contrast, the proposed ARFL framework consistently sustains performance above 92% across these metrics under all non-IID distributions, highlighting its robustness and reliability. Overall, ARFL achieves absolute adversarial accuracy improvements of 20%–70% points over standard FL while incurring only a marginal reduction in clean performance. Scalability experiments demonstrate the stability and efficiency of the ARFL framework, underscoring its suitability for real-world 5G edge deployments where robustness and efficiency are paramount.

The integration of smart sensors and actuators in industrial environments has expanded the cyber-physical attack surface, making it increasingly difficult to distinguish anomalies caused by cyberattacks from those due to mechanical or electrical faults. This challenge is exacerbated by stealthy, multi-stage attacks leveraging Living off the Land (LOTL) techniques, which often evade conventional anomaly detection or intrusion detection systems (IDS). This study presents a Digital Twin-based testbed for safe, repeatable simulation of multi-stage cyber-physical attacks targeting Cyber-Physical Systems (CPS) and Industrial Control Systems (ICS). We propose a two-level decision fusion method that aggregates and aligns anomalies across network, process, and host domains in synchronized 1-minute intervals. The first-level fusion improves OT-layer detection by applying confidence-aware decision logic to outputs combined from (a) a supervised deep learning model (LSTM-FCN) for process anomalies, (b) an unsupervised model (Isolation Forest) for OPC UA network anomalies, and (c) process alarm signals. The second-level fusion integrates these results with host-based anomalies, computed through point-based scoring of Wazuh alerts, to provide comprehensive IT/OT situational awareness. Experimental results demonstrate improved detection of stealthy, multi-stage APT attack behaviours. Additionally, Large Language Models (LLM) provide summarization of the integrated IT/OT anomaly logs into human-readable insights, enhancing interpretability and supporting cyber threat hunting.

This book provides reflection and account of innovative practice for how we approach teaching and learning for cyber security education. Cyber security continues to play a crucial role in our modern society, with a need to secure supply chain attacks and critical infrastructure. How we therefore educate in this area and how we encourage new ways of thinking and new ways of addressing these challenges require a community effort across academia, industry, and government to continually reflect and enhance our practice. The variety of works in this book includes the development of cyber escape rooms, gamification approaches for cyber security education, and AI-based learning platforms. The topics span across how we rethink of the insider threat in the age of AI, how social media interplays with cyber security education, and how we teach geopolitical aspects of cyber security. As a rapidly growing area of education, there are many fascinating examples of innovative teaching and assessment taking place; however, as a community we can do more to share best practice and enhance collaboration across the education sector. CSE Connect is a UK-based community group that promotes sharing and collaboration in cyber security education so that we can upskill and innovate the community together both nationally and internationally. The chapters of this book were presented at the 5th Annual Advances in Teaching and Learning for Cyber Security Education conference, hosted by CSE Connect at the University of Warwick, UK, on July 22, 2025. The book is of interest to educators, students, and practitioners in cyber security, both for those looking to upskill in cyber security education, as well as those aspiring to work within the cyber security sector.

Cyber-attacks on Industrial Control Systems (ICS), as exemplified by the incidents at the Maroochy water treatment plant and the Ukraine’s electric power grid, have demonstrated that cyber threats can inflict significant physical impacts. These incidents caused widespread service disruptions and substantial economic losses, underscoring the urgent need for an in-depth understanding of cyber threats in industrial environments. Industrial security research is usually conducted on physical testbeds to avoid safety issues, production interruptions and other operational constraints in industrial processes. Nevertheless, security defenders often encounter obstacles in developing or accessing physical testbeds due to associated costs and complexities. These factors hinder research progress to devise early detection mechanisms for cyber threats—essential for effective incident response. To overcome these obstacles, this paper presents a container-based virtual testbed. Its lightweight architecture enables replicable and efficient deployment of testbeds at low cost for simulating cyber threats on Cyber-Physical Systems (CPS)—the cornerstone of industrial automation and control systems. Also, the container-based virtual testbed provides a cost-effective option for producing datasets for training, testing and optimization of unsupervised anomaly detection models. Besides, an evaluation on resource consumption is conducted. The paper also discusses the benefits and limitations of proposed container-based ICS testbeds and suggests future research areas.

The aim of this reprint is to provide an overview of the current challenges within the cyber security community today, as recognized by our contributors. This reprint provides 16 papers from the Topical Collection on “Machine Learning and Data Analytics for Cyber Security” that cover topics of large language models for cybersecurity claim classification, adversarial machine learning attacks against intrusion detection systems, the detection of PLC process control anomalies, identifying session-replay bots compared to human users, and mitigating against side-channel attacks.

Large Language Models (LLMs) have demonstrated great potential across many domains, however their susceptibility to jailbreak attacks presents opportunities for malicious actors. These attacks manipulate LLMs to divulge sensitive information or generate harmful content, that could further be utilised in nefarious ways, including as part of cyber-enabled crime, hence presenting a crucial cyber security challenge for the safe and secure interaction of AI-enabled systems. Previous studies highlight the security challenges posed by multi-turn interactions, in which attackers strategically conceal their malicious intent through extended conversations. However, the influence of tense variations on the efficacy of such attacks has received limited attention. This study addresses this gap by systematically examining the role of tense manipulation in multi-turn jailbreak attacks on LLMs. We introduce a novel multi-turn jailbreak attack that specifically exploits past tense reformulation, along with a multi-turn dialogue dataset designed for cyber-related attacks. Experiments conducted on both open-source LLMs (Llama 2-7B, Qwen 2-7B) and closed-source LLMs (GPT-4o-mini, Gemini 2-flash) demonstrate that past tense reformulation significantly enhances attack performance, yielding an average increase of 25.30% with larger effect on closed-source models. These findings highlight the urgent need to strengthen LLM defence strategies against tense variations in multi-turn dialogues. The dataset and jailbreak artefacts are available at: https://github.com/Micdejc/llm_multiturn_attacks

With the evolution of 5G edge computing networks, privacy-aware applications are gaining significant attention due to their decentralised processing capabilities. However, these networks face substantial challenges to ensure privacy and security, specifically in a Federated Learning (FL) setup, where adversarial attacks can potentially influence the model integrity. Conventional privacy-preserving FL mechanisms are often susceptible to such attacks, leading to degraded model performance and severe security vulnerabilities. To address this issue, we propose FL with adversarial optimisation framework to improve adversarial robustness in 5G edge computing networks while ensuring privacy preservation. The proposed framework considers two models; a classifier model and an adversary model, where the classifier model is integrated with the adversary model, trained jointly considering Fast Gradient Sign Method (FGSM) for generation of adversarial perturbations. This adversarial optimisation enhances classifier’s resilience to attacks, thereby improving both privacy preservation and model accuracy. Experimental analysis reveals that the proposed model achieves up to 99.44% accuracy on adversarial test data, while improving robustness and sustaining high precision and recall across varying client scenarios. The experimental results further ensure the effectiveness of the proposed model in terms of communication efficiency and computational efficiency while reducing inference time and FLOPs making it ideal for secure 5G edge computing applications.

This book showcases latest trends and innovations for how we teach and approach cyber security education. Cyber security underpins the technological advances of the 21st century and is a fundamental requirement in today’s society. Therefore, how we teach and educate on topics of cyber security and how we overcome challenges in this space require a collective effort between academia, industry and government. The variety of works in this book include AI and LLMs for cyber security, digital forensics and how teaching cases can be generated at scale, events and initiatives to inspire the younger generations to pursue cyber pathways, assessment methods that provoke and develop adversarial cyber security mindsets and innovative approaches for teaching cyber management concepts. As a rapidly growing area of education, there are many fascinating examples of innovative teaching and assessment taking place; however, as a community we can do more to share best practice and enhance collaboration across the education sector. CSE Connect is a community group that aims to promote sharing and collaboration in cyber security education so that we can upskill and innovate the community together. The chapters of this book were presented at the 4th Annual Advances in Teaching and Learning for Cyber Security Education conference, hosted by CSE Connect at the University of the West of England, Bristol, the UK, on July 2, 2024. The book is of interest to educators, students and practitioners in cyber security, both for those looking to upskill in cyber security education, as well as those aspiring to work within the cyber security sector.

Suspicious Activity Reports (SAR) form a vital part of incident response and case management for the investigation of known or suspected money laundering. However, those submitting SARs, and those tasked with analysing SARs, often find the task overwhelming due to the complexity of reporting, the incompleteness of information available, and the ability to classify reports effectively for further processing. We explore the use of Natural Language Processing to facilitate this process. Specifically, we utilise the recent advances of Large Language Models to understand and classify SARs against the glossary code terms set out by the UK National Crime Agency. We also explore the privacy concerns of handling confidential and sensitive data with recent AI advancements and propose the use of offline open-source models, coupled with bespoke fine-tuning, to improve task-specific performance using a model that can be deployed locally without requiring data to be shared with external third parties. Our results show that this approach can yield effective classification accuracy on our test cases, offering a solution to develop bespoke smaller, offline models that maintain privacy and confidentiality, over online models that would compromise data privacy.

Delivering meaningful and inspiring cyber security education for younger audiences can often be a challenge due to limited expertise and resources. Key to any outreach activity is that it both develops a learner’s curiosity, as well as providing educational objectives. To address this need, we developed a novel learning and awareness activity that addresses the Cyber Physical Systems (CPS) Security knowledge area as mapped by the Cyber Security Body of Knowledge (CyBOK). At the core of our activity is the integration of the Raspberry Pi device with LEGO SPIKE kits. LEGO SPIKE is part of the LEGO Education system that combines colourful LEGO building blocks with motors and sensors, creating an adaptable and engaging learning environment. This hands-on approach allows participants to witness the tangible consequences of cyber and network actions in a physical and engaging format. To evaluate the effectiveness of the activity, we used the activity as part of an outreach activity day attended by approximately 300 students aged between 12-14 from schools across the West of England. Participants of the activity were surveyed and the results showed an increase in understanding of CPS specific and wider cyber security for over 90% of respondents. Activity engagement was also well received with no negative feedback. We report on our survey findings and discuss best practices to support other practitioners in developing hands-on interactive experiences for engaging and educational cyber security activities.

Modern software and networks underpin our digital society, yet the rapid growth of vulnerabilities that are uncovered within these threaten our cyber security posture. Addressing these issues at scale requires automated proactive approaches that can identify and mitigate these vulnerabilities in a suitable time frame. Fuzzing techniques have emerged as crucial methods to preemptively tackle these risks. However, traditional fuzzing methods encounter various challenges, such as a lack of strategy for deep bug identification, time-intensive bug analysis, quality of inputs, seed scheduling and others. To overcome these challenges, diverse Machine Learning (ML) models and optimisation techniques have been employed, including advanced feature engineering, optimised seed selection, refined predictive/fitness models, and Gradient-based optimisation. Furthermore, the use of ML architectures such as Long Short-Term Memory (LSTM), Generative Adversarial Network (GAN), Sequence-to-Sequence (Seq2Seq), and Generative Randomised Unit (GRU), have demonstrated greater effectiveness within ML-based fuzzing. In this paper, we delve into this paradigm shift, aiming to address fundamental challenges across different ML categories. We survey popular ML categories such as Traditional Machine Learning (TML), Deep Learning (DL), Reinforcement Learning (RL), and Deep Reinforcement Learning (DRL), to investigate their potential for enhancing traditional fuzzing approaches. We explore the respective advantages in each category of ML-based fuzzing, while also analysing the challenges unique to each category. Our work provides a comprehensive survey across the fuzzing domain and how machine learning techniques have been utilised, that we believe will be of use to future researchers in this domain.

As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been very little work that has taken a longitudinal view of container security to observe whether vulnerabilities are being resolved over time, as well as understanding the real-world implications of reported vulnerabilities, to assess the evolving security posture. In this work, we study the evolution of 380 software container images across 3 analysis periods between July 2022 and January 2023 to analyse maintenance and vulnerabilities factors over time. We sample across the 3 DockerHub categories: Official, Verified and OSS (Sponsored) Open Source Software. We found that the number of vulnerabilities present increased over time despite many containers receiving regular updates by providers. We also found that the choice of container OS can dramatically impact the number of reported vulnerabilities present over time, with Debian-based images typically having many more vulnerabilities that other Linux distributions, and with some containers still reporting vulnerabilities that date back as far as 1999. However, when taking into account additional reported attributes such as the attack vector required and the existence of a public exploit rated higher than negligible, we found that for each analysis period, less than 1% of all vulnerabilities present what we would consider as high risk real-world impact. Through our investigation, we aim to improve the understanding of the threat landscape posed by software containerisation that is further complicated by the discrepancies between different vulnerability reporting tools.

Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of adversarial machine learning, which explores how a machine learning model can be compromised by an adversary, resulting in misclassified output. Whilst to date, most focus has been given to visual domains, the challenge is present in all applications of machine learning where a malicious attacker would want to cause unintended functionality, including cyber security and network traffic analysis. We first present a study on conducting adversarial attacks against a well-trained network traffic classification model. We show how well-crafted adversarial examples can be constructed so that known attack types are misclassified by the model as benign activity. To combat this, we present a novel defensive strategy based on hierarchical learning to help reduce the attack surface that an adversarial example can exploit within the constraints of the parameter space of the intended attack. Our results show that our defensive learning model can withstand crafted adversarial attacks and can achieve classification accuracy in line with our original model when not under attack.