*Location:* Royal Statistical Society, 12 Errol Street, London, EC1Y 8LX
*Date:* 3rd October 2019, 2pm-5pm
This meeting is aimed at statisticians in general, as well as those
working in the area.
The first talk will be an introduction to and overview of statistics in
cybersecurity while the following talks will deal with specific examples.
*Event Fees:*
* Fellows: Free
* Non Fellows: £20
Registration with payment is required. Please register here.
<https://events.rss.org.uk/rss/401/register>
*Programme:*
14:00-15:00 *Nick Heard* (Imperial College) - "Statistical Challenges
in Cyber-Security"
15:00-15:40 *Delaram Kahrobaei* (University of York) - "Homomorphic
Encryption for Statistical Analysis and Machine Learning in Medicine and
Bioinformatics"
15:40-16:00 Coffee
16:00-16:40 *Patrick Rubin-Delanchy* (University of Bristol) -
"Statistical analysis of large matrices with cyber-security applications"
16:40-17:00 *Colin Gillespie* (Newcastle University) - "Hacking R as a
script kiddie"
*Abstracts:*
*Nick Heard*
Statistical methods have an important role to play in the next
generation of cyber-security defences. Inside a typical enterprise
computer network, a number of high-volume data sources are available
which can enable the discovery and prevention of cyber-attacks and any
other nefarious network activity. At Imperial, our interests are in
developing statistical, probability model-based techniques for
identifying subtle intrusion attempts using these data sources. This
talk will give an overview of some different statistical approaches to
analysing cyber data, ranging from micro-level models of activity on
individual network graph edges through to characterisations of the full
network.
*Delaram Kahrobaei*
Statistical analysis and machine learning techniques are an excellent
tool for the medical community to analyse large amounts of medical and
genomic data. On the other hand, ethical concerns and privacy
regulations prevent the free sharing of these data.
Encryption methods such as fully homomorphic encryption (FHE) provide a
method evaluated over encrypted data. Using FHE, machine learning models
such as deep learning, decision trees, and naive Bayes have been
implemented for private prediction using medical data. FHE has also been
shown to enable secure genomic algorithms, such as paternity testing,
and secure application of genome-wide association studies. This talk
provides an overview of fully homomorphic encryption and its
applications in medicine and bioinformatics. The high-level concepts
behind FHE and its history are introduced. We provide the state of FHE
for privacy-preserving techniques in statistical analysis, machine
learning, bioinformatics and future growth opportunities for FHE.
The talk is largely based on the thesis of my former PhD student, Dr.
Alexander Wood, currently a postdoctoral fellow at the University of
Michigan (Ann Arbor, USA) Professor Najarian's Lab, at the Department of
Computational Medicine and Bioinformatics.
*Patrick Rubin-Delanchy*
In this talk I present mathematical research surrounding the development
of a statistical toolkit for the analysis of graphs,
matrices and other data structures that routinely occur in
cyber-security applications. A recurring use-case is intrusion
detection, and I will show real data examples from
collaborative research with Microsoft and Los Alamos National
Laboratory. Without claiming that statistically-principled approaches
have no issues (e.g. being over-conservative and/or based on unrealistic
models), I will comment on the recent explosion of "deep"
machine-learning approaches to cyber-security, showing how ostensibly
minor experimental biases could yield dramatic over-representation of
successes. Some of the theory and methodology presented is covered in:
https://arxiv.org/abs/1505.05068 (to appear in the Journal of the
American Statistical Association) and https://arxiv.org/abs/1709.05506.
*Colin Gillespie*
Data science using R is increasingly performed in the cloud or over a
network. But how secure is this process?
In this talk, we won't look at complex hacking but instead, focus on the
relatively easy hacks that can be performed to access systems. We'll use
three R-related examples of how it is possible to access a user's
system. In the first example, we'll investigate domain squatting on the
Bioconductor website. By registering only thirteen domains, we had the
potential to run arbitrary on hundreds of users. In the second example,
we'll look at techniques for guessing passwords on RStudio server
instances. Lastly, we'll highlight how users can be a little too
trusting when running R code from blogs.