As Lloyd’s of London warn another cyber-attack could cost businesses $53bn, a team of students from Imperial College London have developed a new way of combatting such threats.

Cyber-security has become a hot topic over the last few years, with high-profile events such as Heartbleed, the Sony Pictures hack and NotPetya making headlines around the world. In May, the WannaCry ransomware cryptoworm infected at least 200,000 computers in more than 150 countries over a single weekend, while this week Lloyd’s of London warned the global repair bill for another cyber-attack could match that of a major natural disaster.

One of the main challenges facing those attempting to identify and stop such attacks is the sheer volume of information they have to deal with. “Identifying and analysing cyber-attacks requires sifting through vast amounts of data to find anomalies,” explained Dr David Birch of Imperial College London’s Data Science Institute, who recently acted as the academic mentor for a team of Imperial College London students who developed a new way of spotting such events. “The team’s work shows the potential of visualisation and user classification to understand and identify anomalies.”

The team (who included students from the Business School’s MBA and MSc Business Analytics programmes, working alongside fellow students from Imperial College London’s MSc Computer Science programme) were working with a data set of 18 billion daily events, of which less than 0.000075% constituted cyber-attacks. Their breakthrough was in using that vast amount of data to identify what constituted standard behaviour within groups of similar users (“families”) and then filtering it out. What they were left with was the unexpected behaviour: a much smaller data set.
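
The filtering idea described above, sketched as an added illustration (not the students' code or BT's data). The event fields, the pre-assigned family labels, the 50% share threshold and the minimum family size are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample events: (user, family, destination). Not real data.
EVENTS = [
    ("alice", "finance", "erp"), ("alice", "finance", "mail"),
    ("bob", "finance", "erp"), ("bob", "finance", "mail"),
    ("carol", "finance", "erp"), ("carol", "finance", "mail"),
    ("carol", "finance", "build-server"),
    ("dave", "dev", "git"), ("dave", "dev", "build-server"),
    ("erin", "dev", "git"), ("erin", "dev", "build-server"),
    ("erin", "dev", "erp"),
    ("frank", "dev", "git"), ("frank", "dev", "build-server"),
    ("zed", "contractor", "vpn"),
]

def family_baseline(events, min_share=0.5, min_members=3):
    """Map each family to the destinations that count as its standard behaviour.

    A destination is standard when at least min_share of the family's members
    use it. Families smaller than min_members get no baseline, because one or
    two users cannot define what is normal for a group.
    """
    members = defaultdict(set)
    users_per_dest = defaultdict(set)
    for user, family, dest in events:
        members[family].add(user)
        users_per_dest[(family, dest)].add(user)

    baseline = defaultdict(set)
    for (family, dest), users in users_per_dest.items():
        size = len(members[family])
        if size >= min_members and len(users) / size >= min_share:
            baseline[family].add(dest)
    return baseline

def unexpected(events, min_share=0.5, min_members=3):
    """Filter out standard behaviour; what remains is the set left for review."""
    baseline = family_baseline(events, min_share, min_members)
    return [e for e in events if e[2] not in baseline[e[1]]]

if __name__ == "__main__":
    for user, family, dest in unexpected(EVENTS):
        print(f"{user} ({family}) -> {dest}")
```

Because the baseline is learned from the same events it filters, behaviour shared by most of a family passes as standard even if it is unwanted.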

The Imperial College London researchers were also able to generate visual representations of this data: changes in network connectivity could actually be seen, helping to identify compromised users. “As visual creatures we are able to make sense of large volumes of data when it is visualised effectively,” explained Dr Birch. “We [the team] seek to understand network topology and identify anomalies within it easily by creating simple schemas for visualisation.” This method would be particularly effective when dealing with such data on a large scale.

The Imperial team’s research was conducted as part of the Data Spark 2017 scheme, run in association with BT Research and KPMG. The Data Spark is an Imperial College London project that connects academics with business leaders to analyse real-world data. For MSc and MBA students, the six-week consulting project is an opportunity to work alongside academic and business mentors while gaining practical experience of business analytics; for business leaders, it is a chance to leverage the minds of academics to unlock new and unexpected value from their existing data.