Fig 6 - uploaded by Kaur Kullman
Content may be subject to copyright.
VDE: VR view of Locked Shields 18 Partner Run network topology and network traffic using VDE; view from the other side of the meta-shape, where the data-shape consisting of unknown entities is in foreground (lower side of this screenshot), while Blue Teams' networks (see close-up on Fig 4) are positioned father (on the upper side of this screenshot). Some edges and entities have been selected and are rendered red instead of the default green.

VDE: VR view of Locked Shields 18 Partner Run network topology and network traffic using VDE; view from the other side of the meta-shape, where the data-shape consisting of unknown entities is in foreground (lower side of this screenshot), while Blue Teams' networks (see close-up on Fig 4) are positioned father (on the upper side of this screenshot). Some edges and entities have been selected and are rendered red instead of the default green.

Source publication
Conference Paper
Full-text available
US Army C5ISR Center Cyber Security Service Provider (CSSP) is a 24/7 Defensive Cyber Operations (DCO) organization that defends US Department of Defense and US Army networks from hostile cyber activity, as well as develops technologies and capabilities for use by DCO operators within the DoD. In recent years, C5ISR Center CSSP has been researching...

Similar publications

Conference Paper
Full-text available
The latest Augmented Reality (AR) and Mixed Reality (MR) systems are able to provide innovative methods for user interaction, but their full potential can only be achieved when they are able to exchange bidirectional information with the physical world that surround them, including the objects that belong to the Internet of Things (IoT). The proble...
Conference Paper
Full-text available
Irregular materials such as unprocessed rocks and wooden branches are currently rarely used in contemporary architectural construction due to the high cost of skilled labor required for preparation. This project investigates methods of graphic statics in combination with technologies such as photogrammetry and 3D printing to build structures from n...
Preprint
Full-text available
Age-related Macular Degeneration (AMD) is a progressive visual impairment affecting millions of individuals. Since there is no current treatment for the disease, the only means of improving the lives of individuals suffering from the disease is via assistive technologies. In this paper we propose a novel and effective methodology to accurately gene...
Article
Full-text available
In this paper, we present a novel approach for reconstructing 3D geometry from a stream of images captured by a consumer-grade mobile RGB-D sensor. In contrast to previous real-time online approaches that process each incoming image in acquisition order, we show that applying a carefully selected order of (possibly a subset of) frames for pose esti...
Article
Full-text available
It is difficult to study the phenomena which cannot be seen. But Mixed Reality (MR) has the potential to support such study. In this case, I take magnetic fields as the phenomenon cannot be seen. I created and improved a visualization teaching application and lesson program to resolve several problems which become apparent through lesson practices....

Citations

... Motion controlled interaction with the data-shapes allows for intuitive manipulation of the visualization to explore the underlying dataset (Kullman et al., 2019a). ...
... Typical representations of network topology are in two dimensions (2D), which loses temporal and spatial relationships between nodes in the network, in addition to not scaling well with increased (but often necessary) complexity. Virtual Reality (VR) and Mixed Reality (MR) tools that are able to visualize CSA-relevant information such as network topology as 3D objects in space and time, may aid in the development of shared mental models for efficient RCP communication between technical and non-technical personnel (Kullman et al., 2018(Kullman et al., , 2019a(Kullman et al., ,b, 2020). For instance, SA level 3 is the most vital stage for decision-making and appears to be the stage that is the most dependent on human working memory (Gutzwiller and Clegg, 2013). ...
... If this allows CTS information to be encoded more efficiently (e.g., Legge et al., 2012;Wagner et al., 2021), it may also allow for more working memory capacity to be allocated to sharing knowledge about the course and impact of current and future events. Reducing the load on working memory may in turn support establishing shared SA level 3 (Gutzwiller and Clegg, 2013) for decision-making in CTSs (Kullman et al., 2019a). Awareness is achieved in three stages (Endsley, 1995). ...
... Typical representations of network topology are in two dimensions (2D), which loses temporal and spatial relationships between nodes in the network, in addition to not scaling well with increased (but often necessary) complexity. Virtual Reality (VR) and Mixed Reality (MR) tools that are able to visualize CSA-relevant information such as network topology as 3D objects in space and time, may aid in the development of shared mental models for efficient RCP communication between technical and non-technical personnel (Kullman et al., 2018(Kullman et al., , 2019a(Kullman et al., ,b, 2020. For instance, SA level 3 is the most vital stage for decision-making and appears to . ...
... If this allows CTS information to be encoded more efficiently (e.g., Legge et al., 2012;Wagner et al., 2021), it may also allow for more working memory capacity to be allocated to sharing knowledge about the course and impact of current and future events. Reducing the load on working memory may in turn support establishing shared SA level 3 (Gutzwiller and Clegg, 2013) for decision-making in CTSs (Kullman et al., 2019a). Studies on VR navigation in humans and mice (Bohbot et al., 2017;Safaryan and Mehta, 2021) showed that they were able to generate brain waves in areas relevant for navigation, attention, learning, and memory (Winson, 1978;Seager et al., 2002). ...
... The Virtual Data Explorer (VDE; Kullman et al., 2018Kullman et al., , 2019a) was developed to visualize network topology in a manner that is idiosyncratic to the mental models that analysts use to conceptualize the network (Figure 2). Based on interviews with expert analysts, the VDE is able to visualize the relationship between nodes in an actual network in space and time (Kullman et al., 2018(Kullman et al., , 2019a(Kullman et al., ,b, 2020. ...
Article
Full-text available
Background Cyber defense decision-making during cyber threat situations is based on human-to-human communication aiming to establish a shared cyber situational awareness. Previous studies suggested that communication inefficiencies were among the biggest problems facing security operation center teams. There is a need for tools that allow for more efficient communication of cyber threat information between individuals both in education and during cyber threat situations. Methods In the present study, we compared how the visual representation of network topology and traffic in 3D mixed reality vs. 2D affected team performance in a sample of cyber cadets ( N = 22) cooperating in dyads. Performance outcomes included network topology recognition, cyber situational awareness, confidence in judgements, experienced communication demands, observed verbal communication, and forced choice decision-making. The study utilized network data from the NATO CCDCOE 2022 Locked Shields cyber defense exercise. Results We found that participants using the 3D mixed reality visualization had better cyber situational awareness than participants in the 2D group. The 3D mixed reality group was generally more confident in their judgments except when performing worse than the 2D group on the topology recognition task (which favored the 2D condition). Participants in the 3D mixed reality group experienced less communication demands, and performed more verbal communication aimed at establishing a shared mental model and less communications discussing task resolution. Better communication was associated with better cyber situational awareness. There were no differences in decision-making between the groups. This could be due to cohort effects such as formal training or the modest sample size. Conclusion This is the first study comparing the effect of 3D mixed reality and 2D visualizations of network topology on dyadic cyber team communication and cyber situational awareness. Using 3D mixed reality visualizations resulted in better cyber situational awareness and team communication. The experiment should be repeated in a larger and more diverse sample to determine its potential effect on decision-making.
... Kullman ve arkadaşları, ABD savunma bakanlığı ve ordusuna bağlı ağları düşmanca siber aktivitelere karşı koruyan ve siber operasyon işlemleri için yeni teknolojiler geliştiren ABD Ordusu Center C5ISR Siber Güvenlik Hizmet Sağlayıcısı (CSSP) bünyesinde çalışan siber güvenlik uzmanlarının iş akışının hızını ve verimliliğini arttırmak adına siber güvenlik veri kümelerini kullanan sanal ve karma gerçeklik temelli bir 3B veri görüntüleme içeriği geliştirmiştir [20]. ...
Article
Kritik Altyapılar Ulusal Test Yatağı Merkezi (CENTER) Enerji, eğitim, güvenlik araştırmaları, ulusal/uluslararası saldırı ve savunma çözümleri gibi konuları amaçlayan elektrik güç şebekesi için güvenli bir test yatağı altyapısıdır. Siber güvenlik alanında çalışacak yeni adaylara veya laboratuvarda eğitim alacak lisans/lisansüstü seviyesindeki öğrencilere geliştirilen test yatağında yer alan cihazların tanıtılması, kullanımı, olası sistemsel arıza ve siber saldırı senaryoların uygulanması gibi konularda eğitim verilmektedir. Bu çalışmada, CENTER Enerji’nin bir sanal gerçeklik uygulaması ile simüle edilmesini öneren bir tasarı sunulmaktadır. Böylece, çalışma ekibine katılacak olan yeni araştırmacıların ve laboratuvara eğitim amaçlı olarak alınacak öğrencilerin adı geçen eğitim sürecinde eş-zamanlı ve laboratuvar ortamından bağımsız olarak sanal ortamda ön eğitimden geçirilerek adaptasyon sürecinin hızlandırılması amaçlanmaktadır.
... How the cyber-spatial representations should be designed is still a topic for research. Left: Traditional geo-spatial symbols; right: alternatives for cyber-spatial representations, including an example from Ref.[36]. ...
Technical Report
Full-text available
Information superiority is one of the primary enablers for military dominance; the exploitation of all relevant information from multiple sources is a key factor for NATO’s information superiority. Visualization and visual analytics research are essential to address the needs of the 2015 NATO targets of emphasis in Information Analysis (IA) & Decision Support (DS): IA&DS-1 on Decision Support and IA&DS-2 on Big Data & Long Data Processing & Analysis. Visual analytics is the science of analytical reasoning facilitated by interactive visual interfaces. The Group investigated, researched and fostered collaborations in knowledge extraction and data analysis for timely situation awareness to support effective decision making. The IST-141 group researched, developed and applied exploratory visual analytics techniques: (1) to exploit and make sense of large and complex data sets, i.e. Big Data; (2) to help make tacit knowledge explicit; (3) to provide acute situation awareness, and; (4) to support informed decision making across a wide range of defence and security application domains including cyber, maritime, genomics and social media domains, as well as post analysis and in situ visualization for simulation data.
... Participants with prior gaming experience adjusted quickly to the Oculus Touch motion controllers, suggesting that the relevant dexterity and muscle memory for gaming console controller usage helps users adjusting from those controllers to handling input devices for VR experiences. Multiple participants acknowledged that such 3D visualizations of network topology could assist in their understanding of the networks they use daily (Kullman, Ryan & Trossbach, 2019). ...
... ISPMDV can be considered an "add-on" to SPMDV, which in turn derives from multidimensional data visualizations (MDV). While MDV on flat screens is a wellresearched topic [9] [10] [11] [12], SPMDV has received broader public attention only gradually during the past ten years [13] [14] [5] [15], with the emergence of VR and MR headsets that are good enough to have enabled researchers [16] [17] [18] and practitioners [19] [20] [21] to explore their capabilities for data visualization. ...
... ASN, IP range, ports used, and amount of data transferred). [21]. Two distinct datasets are combined in such an ISPMDV: a logical topology of the entities that are expected to be active in the network (i.e., the positions of nodes representing those entities) and the observed network traffic. ...
... VR view of Locked Shields 18 Partner Run network topology and network traffic using VDE, shown from the other side of the meta-shape, where the data-shape consisting of unknown entities is in foreground (lower side of this screenshot), while Blue Teams' networks are positioned farther away (on the upper side of this screenshot). Some edges and entities have been selected and are rendered red instead of the default green[21]. ...
Article
Full-text available
Interactive Data Visualizations (IDV) can be useful for cybersecurity subject matter experts (CSMEs) while they are exploring new data or investigating familiar datasets for anomalies, correlating events, etc. For an IDV to be useful to a CSME, interaction with that visualization should be simple and intuitive (free of additional mental tasks) and the visualization’s layout must map to a CSME’s understanding. While CSMEs may learn to interpret visualizations created by others, they should be encouraged to visualize their datasets in ways that best reflect their own ways of thinking. Developing their own visual schemes makes optimal use of both the data analysis tools and human visual cognition. In this article, we focus on a currently available interactive stereoscopically perceivable multidimensional data visualization solution, as such tools could provide CSMEs with better perception of their data compared to interpreting IDV on flat media (whether visualized as 2D or 3D structures).
... As noted in [2], cybersecurity-specific visualizations can be broadly classified into a) network analysis, b) malware analysis, c) threat analysis and situational awareness. Timely and efficient execution of tasks in each of these categories may require different types of visualizations addressed by a growing number of cybersecurity-specific visualization tools (for examples and descriptions of such see [3], [5] and [6]) as well as universal 1 As designated PR-CDA-001 and bearing responsibilities for tasks identified in [18] 2 As designated PR-CIR-001 and bearing responsibilities for tasks identified in [18] 3 As designated OM-NET-001 and bearing responsibilities for tasks identified in [18] software with visualization capabilities. These tools could be used to visualize data in myriad ways (for examples and descriptions of such see [7]) so that SMEs could explore their data visually and interactively (for interaction techniques see [8]). ...
Preprint
Full-text available
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Sub-ject Matter Experts, SME) by providing contextual information for various cy-bersecurity-related datasets and data sources. We propose that customized, stere-oscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.
... As noted in [2], cybersecurity-specific visualizations can be broadly classified into a) network analysis, b) malware analysis, c) threat analysis and situational awareness. Timely and efficient execution of tasks in each of these categories may require different types of visualizations addressed by a growing number of cybersecurity-specific visualization tools (for examples and descriptions of such see [3], [5] and [6]) as well as universal 1 As designated PR-CDA-001 and bearing responsibilities for tasks identified in [18] 2 As designated PR-CIR-001 and bearing responsibilities for tasks identified in [18] 3 As designated OM-NET-001 and bearing responsibilities for tasks identified in [18] software with visualization capabilities. These tools could be used to visualize data in myriad ways (for examples and descriptions of such see [7]) so that SMEs could explore their data visually and interactively (for interaction techniques see [8]). ...
Chapter
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Subject Matter Experts, SME) by providing contextual information for various cybersecurity-related datasets and data sources. We propose that customized, stereoscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.