Table 1 - uploaded by Aneesha Sethi
Definitions of codes from the Type of Data and the Role of End-User

Source publication
Conference Paper
The area of visualization in cyber-security is advancing at a fast pace. However, there is a lack of standardized guidelines for designing and evaluating the resulting visualizations. Furthermore, limited end-user involvement in the design process leads to visualizations that are generic and often ineffective for cyber-security analysts. Thus, the...

Contexts in source publication

Context 1
... papers presented results from cognitive task analysis (CTA) of security analysts and gave insight into the roles and tasks security analysts perform and information about how to make cyber-security visualizations effective for them as end-users. The results of thematic analysis are displayed in Table 1 and Table 2; these represent the definitions of all identified codes segregated by the themes they fall under. The Links column of both the tables refers to which component task uses the code. ...
Context 2
... represent excerpts of related data that are used to intuitively identify the aspect of data it represents and themes capture the significance of data in a patterned response by being attached to a cluster of similar codes [27]. To enhance the understanding of the component roles, Table 1 and Table 2 present definitions of codes of themes 'Type of Data', 'Role of End-User' and 'Characteristics of Visualization' that are used in the component task representations. The definitions of the codes (e.g. Triage Analysis...) under the theme 'Goal of Task' are already given in Sect. ...

Citations

... security metrics, security monitoring, anomaly detection, forensics and malware analysis. Information science, machine learning and exploratory data analysis also study the visualization of security data[2]. One subfield of security data visualization is the visualization of data in the context of cyber-security[27], which is receiving particular attention because of the rising number of attacks[27,33]. Here, data for log data analysis, port scans and vulnerability assessment become easier to understand through visualization types such as coordinate systems and tree structures[8]. Fan et al.[13] propose a real-time network security system that combines unsupervised learning and visualization technology, identifies network behaviour patterns and provides a visualization module for interactive model adjustment. ...
Chapter
Abstract: Wearables support their users in a variety of contexts. In doing so, they generate and use a large amount of often very personal (health) data, without users having the knowledge and experience needed to make reflective decisions about the use of this data. Current research lacks concepts that avoid unreflective data sharing and support reflective decisions. In this contribution we discuss societal challenges of digital sovereignty and show possible ways of visualizing personal (health) data and of interacting with a system that provides transparent information about the use of wearable data. We present options for visualizing legal and data-protection information and discuss our ideas for tangible data protection using gamification concepts. Providing interactive and visual data spaces can strengthen the capacity for independent self-determination in data disclosure.
... For more information about these and other cybersecurity related roles, see [1]. As noted in [2], cybersecurity-specific visualizations can be broadly classified into a) network analysis, b) malware analysis, c) threat analysis and situational awareness. Timely and efficient execution of tasks in each of these categories may require different types of visualizations addressed by a growing number of cybersecurity-specific visualization tools (for examples and descriptions of such see [3], [5] and [6]) as well as universal software with visualization capabilities. ... (Footnotes: 1 As designated PR-CDA-001 and bearing responsibilities for tasks identified in [18]; 2 As designated PR-CIR-001 and bearing responsibilities for tasks identified in [18]; 3 As designated OM-NET-001 and bearing responsibilities for tasks identified in [18].)
Preprint
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Subject Matter Experts, SME) by providing contextual information for various cybersecurity-related datasets and data sources. We propose that customized, stereoscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.
... For more information about these and other cybersecurity related roles, see [1]. As noted in [2], cybersecurity-specific visualizations can be broadly classified into a) network analysis, b) malware analysis, c) threat analysis and situational awareness. Timely and efficient execution of tasks in each of these categories may require different types of visualizations addressed by a growing number of cybersecurity-specific visualization tools (for examples and descriptions of such see [3], [5] and [6]) as well as universal software with visualization capabilities. ... (Footnotes: 1 As designated PR-CDA-001 and bearing responsibilities for tasks identified in [18]; 2 As designated PR-CIR-001 and bearing responsibilities for tasks identified in [18]; 3 As designated OM-NET-001 and bearing responsibilities for tasks identified in [18].)
Chapter
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Subject Matter Experts, SME) by providing contextual information for various cybersecurity-related datasets and data sources. We propose that customized, stereoscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.
... Comprehensive network activity analysis requires the detection of correlation of events occurring in the cyberspace, situational awareness as well as dynamic and static risk analysis. To develop a useful and effective tool for such an analysis appropriate methods and techniques for multidimensional data visualisation are needed [4][5][6]. Visualisation is one of the most useful tools for network administrators and cyber security analysts to cope with the scale and complexity of huge amount of data (Figure 1). By gathering appropriate data from multiple sources and visualising it logically, situational awareness is increased and incidents can be easily communicated to the users who need this information, and thus the incident can be addressed adequately. ...
Article
The goal of the research reported here was to investigate whether the design methodology utilising embodied agents can be applied to produce a multi-modal human–computer interface for cyberspace events visualisation control. This methodology requires that the designed system structure be defined in terms of cooperating agents having well-defined internal components exhibiting specified behaviours. System activities are defined in terms of finite state machines and behaviours parameterised by transition functions. In the investigated case the multi-modal interface is a component of the Operational Centre which is a part of the National Cybersecurity Platform. Embodied agents have been successfully used in the design of robotic systems. However, robots operate in physical environments, while cyberspace events visualisation involves cyberspace, thus the applied design methodology required a different definition of the environment. It had to encompass the physical environment in which the operator acts and the computer screen where the results of those actions are presented. Smart human–computer interaction (HCI) is a time-aware, dynamic process in which two parties communicate via different modalities, e.g., voice, gesture, eye movement. The use of computer vision and machine intelligence techniques is essential when the human is carrying out an exhausting and concentration-demanding activity. The main role of this interface is to support security analysts and operators controlling visualisation of cyberspace events like incidents or cyber attacks, especially when manipulating graphical information. Visualisation control modalities include visual gesture- and voice-based commands.
... Chapter 1 - Analysis of the security state of a system. Figure 1.13 - Relationships between the CSA phases (perception, comprehension, projection) of Endsley's model, the eight tasks that cyber analysts must perform (in grey) and the uses of VA tools (in white), taken from [126]. VA tools can be used at different stages of CSA acquisition. 14 - EEVi framework for developing visualizations adapted to users, taken from [108] (© 2017, IEEE). The left image describes the development process of a visualization tool, while the right image shows an example of the relationships between a data triage task, the data to be used, the roles dedicated to this task and the characteristics of the tool. ...
... The left image describes the development process of a visualization tool, while the right image shows an example of the relationships between a data triage task, the data to be used, the roles dedicated to this task and the characteristics of the tool. [108]. Figure 1.15 presents the different aspects that a visualization enabling the acquisition of CSA must have according to this framework. ...
... Figure 1.15 presents the different aspects that a visualization enabling the acquisition of CSA must have according to this framework. [108]. It can be noted that CSA concerns many different user roles as well as heterogeneous data sources. ...
Thesis
The objective of the thesis was to study the use of Collaborative Virtual Environments (Environnements Virtuels Collaboratifs, EVC) for analysing the security state of computer systems, also called Cyber Situational Awareness (CSA). After studying CSA models and tools, we were able to visit the Security Operations Centers (SOCs) of four industrial partners of the Chaire Cyber CNI, in order to better understand the needs and expectations of cyber analysts. These visits were carried out as part of a protocol for analysing collaborative activity and allowed us to propose a model, the CyberCOP 3D. Based on our model and on a model of the WannaCry ransomware, we developed an EVC for cybersecurity as well as a simplified scenario engine allowing users to design their own alert analysis scenarios. We carried out a usability evaluation of a virtual environment for alert analysis with users who were not cybersecurity experts.
... Comprehensive analysis of network operation requires detecting correlations between occurring events, situational analysis, and dynamic and static risk analysis. For a tool for such analysis to be useful, appropriate methods and techniques for visualizing multidimensional data are needed [29,30]. In the SEQUESTOR system, data visualization has been organized using SEQViz [5]. ...
... Visualizations provide analysts with visual representation of alphanumeric data that would otherwise be difficult to comprehend due to its large volume. Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber-attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1) network analysis, 2) malware analysis, 3) threat analysis and situational awareness (Sethi & Wills, 2017). ...
... Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber-attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1) network analysis, 2) malware analysis, 3) threat analysis and situational awareness (Sethi & Wills, 2017). Timely and efficient execution of tasks in each of these categories may require different types of visualizations. ...
Conference Paper
US Army C5ISR Center Cyber Security Service Provider (CSSP) is a 24/7 Defensive Cyber Operations (DCO) organization that defends US Department of Defense and US Army networks from hostile cyber activity, as well as develops technologies and capabilities for use by DCO operators within the DoD. In recent years, C5ISR Center CSSP has been researching various advanced data visualization concepts and strategies to enhance the speed and efficiency of cybersecurity analyst's workflow. To achieve these goals, Virtual and Mixed Reality (VR/MR) tools have been employed to investigate whether these mediums would enable useful remote collaboration of DCO operators and whether stereoscopically perceivable 3D data visualizations would enable DCO operators to gain improved hindsight into their datasets. We'll be giving an overview of the capabilities being developed as aligned to our research and operational requirements, our expected outcomes of using VR/MR in training and operational cyber environments and our planned path to accomplish these goals.
... Cybersecurity visualizations provide analysts with visual representation of alphanumeric data that would otherwise be difficult to comprehend due to its large volume. Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1.) network analysis, 2.) malware and 3.) threat analysis, and situational awareness (Sethi & Wills, 2017). ...
... Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1.) network analysis, 2.) malware and 3.) threat analysis, and situational awareness (Sethi & Wills, 2017). Timely and efficient execution of tasks in each of these categories may require different types of visualizations addressed by a growing number of cybersecurity specific visualization tools (Marty, 2008) as well as universal software with visualization capabilities like Tableau, MS Excel, R, Python, and D3 libraries (d3.js) among others. ...
... The challenge in creating useful visualization for cybersecurity practitioners is in aligning data visualization experts' knowledge with cybersecurity analysts' needs and knowledge so that the resulting visualizations would be useful for work tasking. A recent survey showed that 46% of 130 tools did not have any user-involvement in the evaluation phase (Sethi & Wills, 2017). ...
Conference Paper
Cybersecurity analysts ingest and process significant amounts of data from diverse sources in order to acquire network situation awareness. Visualizations can enhance the efficiency of analysts' workflow by providing contextual information, various sets of cybersecurity related data, information regarding alerts, among others. However, textual displays and 2D visualizations have limited capabilities in displaying complex, dynamic and multidimensional information. There have been many attempts to visualize data in 3D, while being displayed on 2D displays, but success has been limited. We propose that customized, stereoscopically perceivable 3D visualizations aligned with analysts' internal representations of network topology, may enhance their capability to understand their networks' state in ways that 2D displays cannot afford. These 3D visualizations may also provide a path for users who are trained and comfortable with textual and 2D representations of data to assess visualization methods that may be suitably aligned to implicit knowledge of their networks. Thus, the premise of custom data-visualizations forms the foundation for this study. Herein, we report on findings from a comparative, qualitative, within-subjects usability analysis between 2D and 3D representations of the same network traffic dataset. Study participants (analysts) provided information on: 1.) ability to create an initial understanding of the network, 2.) ease of finding task-relevant information in the representation, and 3.) overall usability. Results indicated that interviewees indicated a preference for 3D visualizations over the 2D alternatives and we discuss possible explanations for this preference.
... Visualizations provide analysts with visual representation of alphanumeric data that would otherwise be difficult to comprehend due to its large volume. Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber-attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1) network analysis, 2) malware analysis, 3) threat analysis and situational awareness (Sethi & Wills, 2017). ...
... Such visualizations aim to effectively support analyst's tasks including detecting, monitoring and mitigating cyber-attacks in a timely and efficient manner (Sethi & Wills, 2017). Cybersecurity specific visualizations can be broadly classified into three main categories: 1) network analysis, 2) malware analysis, 3) threat analysis and situational awareness (Sethi & Wills, 2017). Timely and efficient execution of tasks in each of these categories may require different types of visualizations. ...
Preprint
Software engineers widely acknowledge the inclusion of security requirements in the early stages of the development process. However, the need to prepare the software for the failure of the implemented security controls and subsequent investigation of the incident is often not discussed. Forensic‐ready software systems represent an evolution of secure systems being designed for the eventual digital forensic investigation. However, their exact properties remain largely unexplored, beyond preliminary high‐level conceptualizations of requirements and capabilities. Further obstacles hindering the adoption of forensic‐ready software systems are the different priorities and goals of involved parties and a gap in the digital forensics expertise of software engineers. In this paper, we conduct an empirical qualitative study identifying the problems and needs of forensic readiness while framing the notion of an ideal forensic‐ready software system and how it should treat potential evidence. To this end, we conducted semisupervised interviews with digital forensics experts on their idea, experience, and suggestions. The results provide insights into the needs of the experts to facilitate the definition of correct requirements towards forensic‐ready software systems to support the anticipated investigations properly.