Gromov used convex integration to prove that any closed
orientable three-manifold equipped with a volume form admits three
divergence-free vector fields which are linearly independent at every
point. We provide an alternative proof of this using geometric
properties of eigenspinors in three dimensions. In fact, our proof
shows that for any Riemannian metric, one can find three
divergence-free vector fields such that at every point they are
orthogonal and have the same non-zero length.

Cyber-systems are under near-constant threat from intrusion attempts. Attacks types vary, but each attempt typically has a specific underlying intent, and the perpetrators are typically groups of individuals with similar objectives. Clustering attacks appearing to share a common intent is very valuable to threat-hunting experts. This talk explores topic models for clustering terminal session commands collected from honeypots, which are special network hosts designed to entice malicious attackers. The main practical implications of clustering the sessions are two-fold: finding similar groups of attacks, and identifying outliers. A range of statistical topic models are considered, adapted to the structures of command-line syntax. In particular, concepts of primary and secondary topics, and then session-level and command-level topics, are introduced into the models to improve interpretability. The proposed methods are further extended in a Bayesian nonparametric fashion to allow unboundedness in the vocabulary size and the number of latent intents. The methods are shown to discover an unusual MIRAI variant which attempts to take over existing cryptocurrency coin-mining infrastructure, not detected by traditional topic-modelling approaches. This is joint work with Daniyar Ghani (Imperial College London), Anastasia Mantziou (Alan Turing Institute), Philip Thiede (formerly at Imperial College London, now at Abios), Ross Bevington (Microsoft), Nicholas A. Heard (Imperial College London).