Statistics in Cybersecurity: RSS Merseyside Local Group meeting report

On 7th December, the RSS Merseyside Local Group hosted our final event of the year, featuring two external speakers on use of statistics in Cybersecurity. The event was hosted within the University of Liverpool and a recording of the event has recently become available to watch back on the RSS Merseyside YouTube channel.

First, we welcomed Prof. Nick Heard, Chair of Statistics in the Department of Mathematics at Imperial College London, who discussed the task of “Identifying hacker groups in honeypots and other statistical challenges in cyber-security”. Prof. Heard introduced typical data formats for computer networks and how they can be leveraged to detect anomalous traffic, applying statistical methods like Hawkes processes and Fourier analyses. He then showed how Imperial are using a decoy ‘honeypot’ system to monitor network intruder behaviour. Prof. Heard’s team has extracted commands sent to this system and clustered them through topic modelling (a method usually reserved for analysis of natural human language) to identify intruder intent and types of behaviours engaged in.

We then welcomed Dr Antony Lawson, who is a Software Engineer with Darktrace PLC’s Cyber AI Research Centre. Dr Lawson presented his current research in “Analysing email structure to detect malicious intent”, emphasising the need for automated systems to secure emails against phishing, exortion and more. He showed how text and non-text features of emails can inform models to classify multiple types of email threats, borrowing from natural language processing (NLP). Dr Lawson then contexualised these models within wider systems of commercial cybersecurity that could, for example, detect compromised accounts based on typical email patterns of a sender.

Talks were followed by Q&A, which covered diverse topics such as how to validate approaches with limited ground-truthed data, staying one step ahead of malicious actors, and where ethics intersects with cybersecurity. This event gave some fascinating perspectives from both academia and industry on current practice and it was clear that the methods used to secure digital networks follow the same statistical principles that many of us use in our current work across entirely different fields!

The meeting was followed by the RSS Merseyside Local Group AGM. We plan to host further in-person events in February on modelling Neglected Tropical Diseases and in April on quantitative analyses of Eurovision data to celebrate Liverpool hosting the contest in 2023.
Photo: cottonbro
Load more