Conference Paper

Unlocking user-centered design methods for building cyber security visualizations


... The main aim of visualization design is to provide the human analyst with efficient and effective perception, comprehension, and decision making in an automated and real-time manner [128]. One important limitation of visualization tools is scalability issues, especially for graph-based visualization tools [106]. Graph-based tools may include a large number of nodes requiring a time-consuming analysis and visualization process. ...
... Graph-based tools may include a large number of nodes requiring a time consuming analysis and visualization process. This may affect the important factors such as real-time visualization [106]. Moreover, as a tremendous amount of data can be generated by the data collection phase, visualization tools may encounter information overload due to the large volumes of data produced. ...
... (a) Geo-location visualization of many-to-many attacks [173], (b) An overview of the network graph visualization used in the literature [106], (c) demonstration of chart-based visualization techniques. ...
Article
Full-text available
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system needs to be developed which has the ability of monitoring and capturing various types of threats, analyzing, and devising a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights, and limitations of this study and suggest some future work directions to address the limitations.
... Cybersecurity technology should be designed to provide usability by assessing the target user performing the specific tasks required by the end product and by consulting users' opinions [34]. In other words, the design should progress by building personas, after examining the target users, their goals, knowledge, behaviors, and activities [42]. ...
... Effective visualization method design should provide insights by separating beneficial information from arbitrary noise [34]. To make the visualizations usable, the designers should consider the expectations of the targeted users by distinguishing the focus areas of users in different roles within an organization [42]. Audio feedback for users, in the form of alarms and alerts, should support visualizations to improve the prioritized feedback mechanism [34]. ...
... Audio feedback for users, in the form of alarms and alerts, should support visualizations to improve the prioritized feedback mechanism [34]. Visual interface models should be evaluated for usefulness [38] and for an ability to adapt to emerging user expectations [42]. ...
Chapter
The research questions at the foundation of this paper are as follows: Where are the gaps in cybersecurity research? Where should future research focus its efforts? To that end, this paper investigates the secondary literature written about whether technology design has any effect on cybersecurity posture. The authors focused on five factors: (a) the technology itself; (b) the cybersecurity procedures formulated by the management of an organization; (c) the organizational structure and its effect on cybersecurity; (d) the laws that affect cybersecurity on national, state, and local levels; and (e) the human factors that affect the correct implementation of cybersecurity procedures. Be it through the Internet of Things, daily interactions, or business operations; technology is rapidly changing the way people think and behave. Broadly speaking, technology is the application of scientific knowledge in practice, including tools and machines, to assist human beings in solving real-world problems. In the context of cybersecurity, technology is a widely used tool in cyberattack prevention, deterrence, and detection. Proper cybersecurity technology can prevent most attacks, quickly detect vulnerabilities, mitigate cybersecurity risks, and assure the security of strategic business initiatives (such as digital transformation). Today, everyone, from top management to staff employees, has to utilize technology to complete regular tasks as tools used by organizational users, especially those created for security purposes; technology has a direct influence on the cybersecurity posture in the organization. A common yet crucial organizational factor affecting the success of cybersecurity posture design is how to handle threats when they occur. Based on existing best practices, these approaches should be documented in corporate manuals and registers. 
This paper will explore the elements contributing to the successful development of these risk procedure manuals, including a discussion of the legal environment and human competencies.
... Personas are representations of intended users' characteristics (e.g., demographics, behaviors, and knowledge) and their values and needs (Cooper, 1999; Miaskiewicz and Kozar, 2011; Pruitt and Adlin, 2010). Personas have been proven to be effective in identifying design opportunity spaces especially when the accessibility to potential user segments is restricted (Chang et al., 2008; Faily and Flechais, 2011; McKenna et al., 2015; Kim et al., 2013). Personas in conjunction with other user-design methodologies allow designers to identify characteristics of specific users in the target group (e.g., users vulnerable to cybersecurity risks). ...
... Persona developments assist designers to focus design decisions to meet the needs of the intended target audience (Massanari, 2010). In the literature of cybersecurity, several personas have been proposed that focused on the characteristics of stakeholder's roles involved in preventive cybersecurity solutions, e.g., IT managers, software developers, data analyst (McKenna et al., 2015; Faily and Flechais, 2011). These personas are valuable to develop tools that reflect the needs of cybersecurity development teams (Stoll et al., 2008). ...
... Three of the co-authors independently coded, categorized and analyzed all data collected from the trend analysis, interviews and online surveys. Qualitative coding was used to extract core insights from the data sets and organize them in relevant clusters (McKenna et al., 2015). The results of the studies were translated into eight different personas that systematically reflect distinct characteristics of users that fall into different quadrants of the user matrixes. ...
Article
Full-text available
With the surging number of digital devices penetrating our daily routines, the risks inherent to cybersecurity—the protection of data on digital products connected to the Internet—have also increased since these devices (e.g., connected home devices, personal monitoring) collect, process, analyze and store users’ sensitive personal information. Thus, there is a pressing need to assist users in being aware of and dealing with potential cybersecurity threats. With the proposition that fulfilling the need starts with developing an in-depth understanding of the user behaviors in the context of cybersecurity, an exploratory study was conducted that employed three mixed qualitative and quantitative research methods—a trend analysis, an interview study, and an online survey study. The paper reports the user characteristics on (1) awareness levels of cybersecurity issues, (2) uses of digital devices, and (3) means of dealing with the privacy issues in product use. The results of the studies were translated into eight personas that systematically reflect distinct characteristics of users, which can help designers empathize with their potential users vulnerable to cybersecurity risks.
... In a fast-developing society, stakeholders in many domains are updated with rapidly and constantly changing information about their surrounding economic environment. McKenna et al. [36] have studied the information needs of different stakeholders in an enterprise. The analysts need the most detailed information to understand how each factor changes at each location and time. ...
... The failed user was spending a lot of time on AOI Ranking, which did not provide the needed information. We found that the viewing in the combination of AOI GDP and AOI Task often happened shortly before some participants (P2, 4, 14, 17, 19, 31, 36) finished the task. This indicates that when the participants knew where to find the ranking information, they can quickly finish the task. ...
Article
Full-text available
Map-based dashboards are among the most popular tools that support the viewing and understanding of a large amount of geo-data with complex relations. In spite of many existing design examples, little is known about their impacts on users and whether they match the information demand and expectations of target users. The authors first designed a novel map-based dashboard to support their target users’ spatiotemporal knowledge acquisition and analysis, and then conducted an experiment to assess the feasibility of the proposed dashboard. The experiment consists of eye-tracking, benchmark tasks, and interviews. A total of 40 participants were recruited for the experiment. The results have verified the effectiveness and efficiency of the proposed map-based dashboard in supporting the given tasks. At the same time, the experiment has revealed a number of aspects for improvement related to the layout design, the labeling of multiple panels and the integration of visual analytical elements in map-based dashboards, as well as future user studies.
... For example, some works such as have adopted a user-centered design (UCD) approach [Jokela et al., 2003]. Applying a UCD approach can help us establish users' needs, preferences and limitations, and discover design opportunities throughout a design process [McKenna et al., 2015]. To present our design process, we follow the four main steps proposed by [Jokela et al., 2003]: ...
... 3.2 User-centered requirements capture step 3.2.1 Value of a user-centered approach The user-centered approach aims to develop an explicit understanding of user needs, taking into account their tasks and environments [Jokela et al., 2003]. Applying a UCD approach can help a designer establish users' needs, preferences and limitations, and discover design opportunities throughout the process [McKenna et al., 2015]. ...
Thesis
This work falls within the general field of digital learning analytics, and in particular within the context of the ANR HUBBLE project, a national observatory that allows high-level analysis processes to be deposited. We are mainly interested in communicating analysis data to users by providing them with learning dashboards (LDs). Our research question concerns the identification of generic structures in order to dynamically generate tailored LDs. These structures must be both generic and adaptable to users' needs. Existing work most often proposes LDs that are too general or developed in an ad hoc manner. Through the HUBBLE project, we wish to exploit users' decisions to dynamically generate LDs. We turned to the field of business intelligence because of the place dashboards hold in its processes. Decision making requires an explicit understanding of users' needs. This is why we adopted a user-centered design approach in order to provide users with suitable LDs. We also propose a requirements capture process that enabled the development of our models (indicator, visualization means, user, …). These models are used by a generation process implemented in a prototype dynamic generator. We carried out an iterative evaluation phase whose objective is to refine our models and validate the effectiveness of our generation process, as well as to demonstrate the impact of the decision on the generation of LDs.
... The diverse forms of knowledge [35] that have resulted include techniques, methodologies and epistemologies that enable VIS to contribute meaningfully and effectively to problems, ranging from highly specialized academic domains to urgent and imminent global challenges. Rapid and flexible interactions with rich graphical depictions of data enable us to understand the complexities and nuances of atmospheric models [36][37][38], poetry composition [39,40], animal ecology [41][42][43], sporting performance [44][45][46][47], transport systems [48][49][50][51][52][53], evolution [54,55], cyber attacks [56][57][58], energy consumption [59,60], healthcare [61,62], genetics [63,64] and many other aspects of nature and society including epidemics and epidemiology [65][66][67][68][69][70][71]. [72]. ...
... The diverse forms of knowledge [64] that have resulted include techniques, methodologies and epistemologies that enable VIS to contribute meaningfully and effectively to problems, ranging from highly specialized academic domains to urgent and imminent global challenges. Rapid and flexible interactions with rich graphical depictions of data enable us to understand the complexities and nuances of atmospheric models [32,101,120], poetry composition [1,76], animal ecology [9,108,126], sporting performance [6,7,65,112], transport systems [5,8,15,16,119,131], evolution [80,83], cyber attacks [10,45,77], energy consumption [46,99], healthcare [39,47], genetics [41,88], and many other aspects of nature and society including epidemics and epidemiology [3,24,25,33,37,48,69]. ...
Article
Full-text available
We report on an ongoing collaboration between epidemiological modellers and visualization researchers by documenting and reflecting upon knowledge constructs—a series of ideas, approaches and methods taken from existing visualization research and practice—deployed and developed to support modelling of the COVID-19 pandemic. Structured independent commentary on these efforts is synthesized through iterative reflection to develop: evidence of the effectiveness and value of visualization in this context; open problems upon which the research communities may focus; guidance for future activity of this type and recommendations to safeguard the achievements and promote, advance, secure and prepare for future collaborations of this kind. In describing and comparing a series of related projects that were undertaken in unprecedented conditions, our hope is that this unique report, and its rich interactive supplementary materials, will guide the scientific community in embracing visualization in its observation, analysis and modelling of data as well as in disseminating findings. Equally we hope to encourage the visualization community to engage with impactful science in addressing its emerging data challenges. If we are successful, this showcase of activity may stimulate mutually beneficial engagement between communities with complementary expertise to address problems of significance in epidemiology and beyond. See https://ramp-vis.github.io/RAMPVIS-PhilTransA-Supplement/ . This article is part of the theme issue ‘Technical challenges of modelling real-life epidemics and examples of overcoming these’.
... The distinction between network-centric and domain-centric CSA as illustrated in Table 1 can be seen as an example of this. As pointed out by McKenna, Staheli, and Meyer (2015), organization members like the SOC analyst, SOC manager, CIO, and CEO, all need CSA to a varying degree. While under attack, the core issues and goals of the SOC analyst are quite different from the core issues and goals of the CEO. ...
Chapter
Today, most enterprises are increasingly reliant on information technology to carry out their operations. This also entails an increasing need for cyber situational awareness—roughly, to know what is going on in the cyber domain, and thus be able to adequately respond to events such as attacks or accidents. This chapter argues that cyber situational awareness is best understood by combining three complementary points of view: the technological, the socio-cognitive, and the organizational perspectives. In addition, the chapter investigates the prospects for reasoning about adversarial actions. This part also reports on a small empirical investigation where participants in the Locked Shields cyber defense exercise were interviewed about their information needs with respect to threat actors. The chapter is concluded with a discussion regarding important challenges to be addressed along with suggestions for further research.
... The diverse forms of knowledge [59] that have resulted include techniques, methodologies and epistemologies that enable VIS to contribute meaningfully and effectively to problems, ranging from highly specialized academic domains to urgent and imminent global challenges. Rapid and flexible interactions with rich graphical depictions of data enable us to understand the complexities and nuances of atmospheric models [31,91,108], poetry composition [1,69], animal ecology [8,97,112], sporting performance [5,6,60,101], transport systems [4,7,14,15,107,117], evolution [73,76], cyber attacks [9,43,70], energy consumption [44,89], healthcare [38,45], genetics [39,81], and many other aspects of nature and society including epidemics and epidemiology [2,23,24,32,36,46,63]. ...
Preprint
Full-text available
We report on an ongoing collaboration between epidemiological modellers and visualization researchers by documenting and reflecting upon knowledge constructs -- a series of ideas, approaches and methods taken from existing visualization research and practice -- deployed and developed to support modelling of the COVID-19 pandemic. Structured independent commentary on these efforts is synthesized through iterative reflection to develop: evidence of the effectiveness and value of visualization in this context; open problems upon which the research communities may focus; guidance for future activity of this type; and recommendations to safeguard the achievements and promote, advance, secure and prepare for future collaborations of this kind. In describing and comparing a series of related projects that were undertaken in unprecedented conditions, our hope is that this unique report, and its rich interactive supplementary materials, will guide the scientific community in embracing visualization in its observation, analysis and modelling of data as well as in disseminating findings. Equally we hope to encourage the visualization community to engage with impactful science in addressing its emerging data challenges. If we are successful, this showcase of activity may stimulate mutually beneficial engagement between communities with complementary expertise to address problems of significance in epidemiology and beyond. https://ramp-vis.github.io/RAMPVIS-PhilTransA-Supplement/
... (a) Geo-location visualization of many-to-many attacks [172], (b) An overview of the network graph visualization used in the literature [109], (c) demonstration of chart-based visualization techniques. ...
Preprint
Full-text available
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system needs to be developed which has the ability of monitoring and capturing various types of threats, analyzing and devising a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.
... Two main approaches to interface design are user-centered design (UCD), and ecological interface design (EID). On the one hand, UCD focuses on the capabilities and limitations of human operators, and seeks to amplify and extend their perceptual, cognitive, and performance capabilities ([36]; [37]). On the other hand, EID focuses on the work domain, and seeks to design tools that support human operators by leveraging their perception, action, or cognitive capabilities ([38]; [39]; [40]). ...
Conference Paper
Full-text available
Cyber security visualization designers can benefit from human factors engineering concepts and principles to resolve key human factors challenges in visual interface design. We survey human factors concepts and principles that have been applied in the past decade of human factors research. We highlight these concepts and relate them to cybersecurity visualization design. We provide guidelines to help cybersecurity visualization designers address some human factors challenges in the context of interface design. We use ecological interface design approach to present human factors-based principles of interface design for visualization. Cyber security visualization designers will benefit from human factors engineering concepts and principles to resolve key human factors challenges in visual interface design.
... As mentioned in section 3.3, source country information is important data that can identify some types of attack characteristics. We used a world map to design the source country view because a map-based view can help find attack patterns [24] and our domain experts also strongly advised the need for visualization in the form of a world map. The statistics are displayed in gray and black heatmap colors to aid relative comparisons. ...
Article
Full-text available
Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise’s network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also increase. Moreover, IDPSs generate an overwhelming number of logs that are challenging to handle and analyze. For a more effective and integrative analysis and management of the rules and logs, we propose a novel visual analytics tool, Hyperion. Hyperion interactively visualizes rules to help users understand how the IDPS rules are managed and applied to the enterprise’s network entities. Hyperion also provides effective visualizations to enable users to visually analyze the type, period, traffic, and frequency of attacks in addition to a traditional count-based timeline visualization. Finally, Hyperion enables users to interactively simulate the effect of a change in parameters of a detection rule. These features can help streamline the security control cycle consisting of rule application, information collection, log analysis, and rule revision.
... Visualization Information visualization has proved successful in supporting learning [13]. Developers should consider deploying the use of user-centred design methods when creating visualisations in the cybersecurity domain [18]. Many examples of cybersecurity visualisations already exist, including Kaspersky Cyber Threat map [12] and the Talos Spam and Malware Map [22]. ...
Preprint
Full-text available
The number of cyber-attacks are continuing to rise globally. It is therefore vital for organisations to develop the necessary skills to secure their assets and to protect critical national infrastructure. In this short paper, we outline upon human-computer interaction elements which should be considered when developing a cybersecurity training platform, in an effort to maintain levels of user engagement. We provide an overview of existing training platforms before covering specialist cyber ranges. Aspects of human-computer interaction are noted with regards to their relevance in the context of cyber ranges. We conclude with design suggestions when developing a cyber range platform.
... These are crucial qualities for SMEs, with emphasis on the importance of the low latency between SME's request for a change in visualization (change in applied filter, time window or other query parameters) and rendering of the visualized response from the system [9]. The challenge in creating meaningful visual tools for cybersecurity practitioners is in combining the expertise from specialists from the fields of data visualization and cybersecurity so that the resulting visualizations are effective and indeed useful for their intended users [10]. Further, creating visualizations useful for SMEs is not possible without an in-depth understanding of the tasks which the visualizations will support [11]. ...
Chapter
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Subject Matter Experts, SME) by providing contextual information for various cybersecurity-related datasets and data sources. We propose that customized, stereoscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.
... Visualization designers have multiple approaches on how to organize the design process of custom visualizations. In recent years, there has been a rise in human-centered design approaches under the umbrella of user-centered design [LD11, MSM15] to elicit user requirements, accompanied by an increasing interest in creative methods to discover visualization design opportunities [GDJ*13, KGD*19]. Participatory methodologies have been mentioned [HF06, LHS*14, KAKC18] but are still rare, and therefore, understudied in visualization design research. ...
Article
Full-text available
Co-creation is a design method where designers and domain experts work together to develop a product. In this paper, we present and evaluate the use of co-creation to design a visual information system with social science researchers in order to explore and analyze their data. Co-creation proposes involving the future users in the design process to ensure that they play a critical role in the design, and to increase the chances of long-term adoption. We evaluated the co-creation process through surveys, interviews and a user study. According to the participants' feedback, they felt listened to through co-creation, and considered the methodology helpful to develop visualizations that support their research in the near future. However, participation was far from perfect, particularly early career researchers showed limited interest in participating because they did not see the process as beneficial for their research publication goals. We summarize benefits and limitations of co-creation, together with our recommendations, as lessons learned.
... Their proper design requires study of the operators' goals, roles, and information needs [Endsley and Jones 2012], which should lead toward better awareness. Specific methodologies exist to facilitate awareness, and initial application Goal Directed Task Analysis and other cognitive task analysis methods in cybersecurity [Trent et al. 2019] suggest the effectiveness of those methods at better understanding of what human operators need to be aware [Mckenna et al. 2015]. ...
Article
Full-text available
Demand is present among security practitioners for improving cyber situational awareness (SA), but capability and assessment have not risen to match. SA is an integral component of cybersecurity for everyone from individuals to business to response teams and threat exchanges. In this Field Note, we highlight existing research and our field observations, a recent review of cyber SA research literature, and call upon the research community to help address three research problems in situational awareness for cybersecurity. The gaps suggest the need to (1) understand what cyber SA is from the human operators' perspectives, then (2) measure it so that (3) the community can learn whether SA makes a difference in meaningful ways to cybersecurity, and whether methods, technology, or other solutions would improve SA and thus, improve those outcomes.
... These are crucial qualities for SMEs, with emphasis on the importance of the low latency between SME's request for a change in visualization (change in applied filter, time window or other query parameters) and rendering of the visualized response from the system [9]. The challenge in creating meaningful visual tools for cybersecurity practitioners is in combining the expertise from specialists from the fields of data visualization and cybersecurity so that the resulting visualizations are effective and indeed useful for their intended users [10]. Further, creating visualizations useful for SMEs is not possible without an in-depth understanding of the tasks which the visualizations will support [11]. ...
Preprint
Full-text available
Visualizations can enhance the efficiency of Cyber Defense Analysts, Cyber Defense Incident Responders and Network Operations Specialists (Subject Matter Experts, SME) by providing contextual information for various cybersecurity-related datasets and data sources. We propose that customized, stereoscopic 3D visualizations, aligned with SMEs internalized representations of their data, may enhance their capability to understand the state of their systems in ways that flat displays with either text, 2D or 3D visualizations cannot afford. For these visualizations to be useful and efficient, we need to align these to SMEs internalized understanding of their data. In this paper we propose a method for interviewing SMEs to extract their implicit and explicit understanding of the data that they work with, to create useful, interactive, stereoscopically perceivable visualizations that would assist them with their tasks.
... Each column presents the total average sentiment output for a specific company shown by its label. In Ref. [25] they outline some design principles for security visualizations such as avoiding 3D graphics, avoiding complex visualizations that require explanations and providing aggregation of data that is easily readable. We have applied those principles and used a simple layout and common color scheme with positive sentiment being in green and negative being in red. ...
Article
The Internet is constantly evolving, producing many new data sources that can be used to help us gain insights into the cyber threat landscape and in turn, allow us to better prepare for cyberattacks. With this in mind, we present an end-to-end real-time cyber situational awareness system which aims to retrieve security-relevant information from the social networking site Twitter.com. This system classifies and aggregates the data extracted and provides real-time cyber situational awareness information based on sentiment analysis and data analytics techniques. This research will assist security analysts in rapidly and efficiently evaluating the level of cyber risk in their organization and allow them to proactively take actions to plan and prepare for potential attacks before they happen.
... The user interface should motivate users to explore the data and learn from their mistakes. Applying the methods of user-centered design [26], [41] is, hence, a must. ...
Preprint
Hands-on training is an effective way to practice theoretical cybersecurity concepts and increase participants' skills. In this paper, we discuss the application of visual analytics principles to the design, execution, and evaluation of training sessions. We propose a conceptual model employing visual analytics that supports the sensemaking activities of users involved in various phases of the training life cycle. The model emerged from our long-term experience in designing and organizing diverse hands-on cybersecurity training sessions. It provides a classification of visualizations and can be used as a framework for developing novel visualization tools supporting phases of the training life-cycle. We demonstrate the model application on examples covering two types of cybersecurity training programs.
... A visual analytics technique to solve this problem was presented by Jäckle et al. (Jäckle, et al., 2017 (Mckenna, et al., 2015; Stoll, et al., 2007). The basic idea is to identify and describe the relevant user groups so that basic as well as specific requirements relating to the users of the visualization are recognized in advance and can be incorporated into the design accordingly. ...
Book
The increasing mechanization and digitalization of today's society has, in recent years, also led to considerable changes in the field of public security. Data-driven digitalization and its scientific use within data science contribute to this in particular. Police forces and private security service providers are increasingly focusing on predictive policing methods as a route to possibly more efficient and more objective security work. At the level of crime policy, there is also a growing number of initiatives to implement predictive crime analyses. North Rhine-Westphalia, for example, decided at the end of 2017 to introduce a predictive policing implementation in all of the state's major police authorities and has since rolled it out across the board. The definition of predictive policing is not uniform in research and practice, but in principle it covers any form of forward-looking police work. The range of possible designs is wide, for example whether offender-related forecasts are used or whether space-related forecasts are produced. The landscape of possible implementations in the German-speaking world is correspondingly diverse. Alongside the increased implementation of predictive policing in police forces, the academic discourse also shows that a large number of papers, articles and study reports have been published in the meantime. Unfortunately, these discussions are all spread very heterogeneously across the various academic disciplines. The aim of this anthology is to pool knowledge as part of a stocktaking of predictive policing in the German-speaking world. In this context, existing implementations by various police forces are to be presented in terms of content and method, and the positive and negative effects of predictive policing are to be discussed from the perspective of various academic disciplines (e.g. sociology, geography or law). The discussions on predictive policing are relatively stable even in times of rapid technical change and do not change, particularly with regard to certain fundamental questions and problems. The focus is repeatedly on, for example, - methodological aspects of the so-called near-repeat phenomenon, - the difficulties of attributing effects, - the change in police control behaviour, - the possible stigmatization of an area, or - the legal powers. This anthology is intended to bundle the essential fundamental questions and problems so that a work is produced for the German-speaking world that also gives readers a comprehensive overview of predictive policing. At the same time, the anthology sees itself as a possible aid for future crime-policy decisions, particularly with regard to the methodological, legal and ethical limits of predictive policing.
... On a finer granularity, Vosough et al. in [69] aimed to specifically analyze how to better establish requirements in real-world visualization projects. These works have done an effective job of promoting user-centered design, as more and more works in information visualization [19,21,24,34,43] have adopted the idea. ...
Article
The development of usable visualization solutions is essential for ensuring both their adoption and effectiveness. User-centered design principles, which involve users throughout the entire development process, have been shown to be effective in numerous information visualization endeavors. We describe how we applied these principles in scientific visualization over a two year collaboration to develop a hybrid in situ/post hoc solution tailored towards combustion researcher needs. Furthermore, we examine the importance of user-centered design and lessons learned over the design process in an effort to aid others seeking to develop effective scientific visualization solutions.
... The SymNav visual component (Figure 3) allows for analyzing the symbolic tree and driving further computations. The visual solution has been designed together with four symbolic execution experts following a user-centered design paradigm [31]. During the first meeting, the experts described the typical workflow and outlined the initial user requirements. ...
Conference Paper
Modern software systems require the support of automatic program analyses to answer questions about their correctness, reliability, and safety. In recent years, symbolic execution techniques have played a pivotal role in this field, backing research in different domains such as software testing and software security. Like other powerful machine analyses, symbolic execution is often affected by efficiency and scalability issues that can be mitigated when a domain expert interacts with its working, steering the computation to achieve the desired goals faster. In this paper we explore how visual analytics techniques can help the user to grasp properties of the ongoing analysis and use such insights to refine the symbolic exploration process. To this end, we discuss two real-world usage scenarios from the malware analysis and the vulnerability detection domains, showing how our prototype system can help users make a wiser use of symbolic exploration techniques in the analysis of binary code.
... McKenna et al. [41] claim that previous cyber-security visualization proposals have traditionally omitted discussing their effectiveness, and defend that the most efficient and effective methods are user-centered. Finally, in [42] Sharafaldin et al. explore and classify recent works in network security visualization, and present an evaluation framework for comparing and ranking them. ...
... In order to achieve the best possible results, this work follows the paradigm of problem-oriented research based on a design study, i.e., collaborating with real users to solve their tasks [37]. This type of research is rather underrepresented in literature [22], [27], [28], [37], [43]. Some examples therefore from different domains (from automotive to gait rehabilitation) are RelEx [37], KAMAS [44] or KAVAGait [45] leading to very important new insights for research as well as the related domains. ...
... User-Performance Modeling for Cyber Tool Design. Modeling how well a visualization or other tool might support an analyst's cyber task could supplement existing ways for designing effective tools in this domain, which include design studies (see [23] for examples) that are valuable but expensive to perform. As we mentioned earlier, modeling tools can be used to get fast, quantitative predictions on performance indicators like task speed. ...
Chapter
Understanding cybersecurity in an environment is uniquely challenging due to highly dynamic and potentially-adversarial activity. At the same time, the stakes are high for performance during these tasks: failures to reason about the environment and make decisions can let attacks go unnoticed or worsen the effects of attacks. Opportunities exist to address these challenges by more tightly integrating computer agents with human operators. In this paper, we consider implications for this integration during three stages that contribute to cyber analysts developing insights and conclusions about their environment: data organization and interaction, toolsmithing and analytic interaction, and human-centered assessment that leads to insights and conclusions. In each area, we discuss current challenges and opportunities for improved human-machine teaming. Finally, we present a roadmap of research goals for advanced human-machine teaming in cybersecurity operations.
... On a finer granularity, Vosough et al. in [69] aimed to specifically analyze how to better establish requirements in real-world visualization projects. These works have done an effective job of promoting user-centered design, as more and more works in information visualization [19,21,24,34,43] have adopted the idea. ...
Preprint
The development and design of visualization solutions that are truly usable is essential for ensuring both their adoption and effectiveness. User-centered design principles, which focus on involving users throughout the entire development process, are well suited for visualization and have been shown to be effective in numerous information visualization endeavors. In this paper, we report a two year long collaboration with combustion scientists that, by applying these design principles, generated multiple results including an in situ visualization technique and a post hoc probability distribution function (PDF) exploration tool. Furthermore, we examine the importance of user-centered design principles and describe lessons learned over the design process in an effort to aid others who also seek to work with scientists for developing effective and usable scientific visualization solutions.
... Sakai and Aert [70], for example, describe the use of card sorting for problem characterization. McKenna et al. [57] summarize the use of qualitative coding, personas, and data sketches in collaboration with security analysts. Koh et al. [37] describe workshops that demonstrate a wide range of visualizations to domain collaborators, a method that we have adapted for use in CVO workshops as described in Sec. ...
Preprint
Applied visualization researchers often work closely with domain collaborators to explore new and useful applications of visualization. The early stages of collaborations are typically time consuming for all stakeholders as researchers piece together an understanding of domain challenges from disparate discussions and meetings. A number of recent projects, however, report on the use of creative visualization-opportunities (CVO) workshops to accelerate the early stages of applied work, eliciting a wealth of requirements in a few days of focused work. Yet, there is no established guidance for how to use such workshops effectively. In this paper, we present the results of a 2-year collaboration in which we analyzed the use of 17 workshops in 10 visualization contexts. Its primary contribution is a framework for CVO workshops that: 1) identifies a process model for using workshops; 2) describes a structure of what happens within effective workshops; 3) recommends 25 actionable guidelines for future workshops; and 4) presents an example workshop and workshop methods. The creation of this framework exemplifies the use of critical reflection to learn about visualization in practice from diverse studies and experience.
... Designing visualization for network infrastructure is an established research topic (see Marty 2009; McKenna et al. 2015), but remains a topic of ongoing interest (e.g., there are conferences and journals dedicated to cyber security visualization such as the IEEE Symposium on Visualization for Cyber Security). Marty (2009), for example, described the key tasks associated with visualization (e.g., data reporting, monitoring, historical analysis) and presented a visualization taxonomy for security data. ...
Article
Security information and event management (SIEM) systems are generally used to monitor the network for malicious activities. These systems are capable of detecting a wide range of malicious activities in the network using built-in rules to generate alerts on malicious activities. Although SIEM systems provide comprehensive reports about each alert, including relevant details such as severity score, events, and event counts, a key limitation of SIEM systems is not presenting the rule's status in real time before an alert is raised. This paper presents a novel visual tool that enables security analysts to grasp visually, and in real time, a complete overview of SIEM rules execution, and alert circumstances that may happen in advance based on near-miss situations. Apart from the real-time rules analysis, it also enables security analysts to explore the reasoning behind the alerts in an organized and efficient manner via security questions. The essence of the approach is to evaluate and visualize the current status of each rule execution according to pre-compiled conditions in real time. We demonstrate the utility of our approach using IBM QRadar events data to support the informative analysis of different rules in real time, and security-question-based insight about the rules via a story page.
... The talk will draw from research experience and field work with users on a number of cyber security research projects. Topics covered will include formative user research and the user-centered design process [1,2], situation awareness prototyping efforts [3,4], and evaluation methods for cyber security visualization tools [5]. Ms. Staheli joined Lincoln Laboratory in 2010, bringing ten years of experience in industry ranging from a small home-networking startup to a global information security company. ...
Conference Paper
In this keynote, I will discuss the importance of human factors in cyber security and highlight lessons learned from conducting user-centered design activities with cyber security analysts. As network traffic volume, interconnectedness of devices, and sophistication of cyber threats all continue to increase, so do concerns about the complexity of providing cyber security. Many research efforts focus on the technology aspects of cyber security; few focus on studying the challenges faced by the human ecosystem of analysts, operators, and senior leaders. User-centered design can help uncover unmet needs and gather requirements to build effective systems to support those that perform cyber security work. Design methods in this domain can help establish user needs, identify opportunities for technology to assist, and evaluate concepts - in this talk, we will discuss examples of each. Ultimately, by embracing the human element of cyber, and positioning the human as the focal point of the research process, we can help the technology community be more efficient at building effective tools. We encourage future cyber security projects to broaden the research methodologies, methods, and techniques at their disposal in order to more completely explore this space. The talk will draw from research experience and field work with users on a number of cyber security research projects. Topics covered will include formative user research and the user-centered design process [1, 2], situation awareness prototyping efforts [3, 4], and evaluation methods for cyber security visualization tools [5].
... We are not alone in our human-centered approach to the study of cyber security. A number of user-centered design techniques have been employed to develop various tools for cyber security professionals [30]. Others have conducted interviews and field observations of network operation centers [17,32] and even immersive anthropological approaches [38]. ...
... It emphasizes identifying, analyzing and reporting patterns (or themes) within data [4]. Therefore, thematic analysis of five papers [9,10,12,14,20] was carried out. These papers presented results from cognitive task analysis (CTA) of security analysts and gave insight into the roles and tasks security analysts perform and information about how to make cyber-security visualizations effective for them as end-users. ...
Conference Paper
The area of visualization in cyber-security is advancing at a fast pace. However, there is a lack of standardized guidelines for designing and evaluating the resulting visualizations. Furthermore, limited end-user involvement in the design process leads to visualizations that are generic and often ineffective for cyber-security analysts. Thus, the adoption of the resultant cyber-security visualizations is low and this highlights a major research gap. This paper presents expert-interview based validation of EEVi - a model developed to aid in the design and evaluation process of cyber-security visualizations, with a view to make them more effective for cyber-security analysts. A visualization is considered effective if the characteristics of the visualization are essential for an analyst to competently perform a certain task. Thirteen experts were interviewed (six visualization designers and seven cyber-security analysts) and their feedback guided revisions to the model. The responses were subsequently transposed from qualitative data to quantitative data in order to perform statistical analyses on the overall data. This demonstrated that the perspectives of visualization designers and cyber-security analysts generally agreed in their views of effective characteristics for cyber-security visualization, however there was no statistically significant correlation in their responses.
... Currently, problem-oriented research is underrepresented in visualization literature (Lam et al., 2012; McKenna et al., 2016, 2015; Pirker and Nusser, 2016; Sedlmair et al., 2012b), even though these are essential for design and implementation of suitable visual analytics solutions. Therefore, we will first present some notable examples of problem characterization papers in other domains and then focus on visualization work of malware analysis. ...
Thesis
Visual analytics (VA) aims to combine the strengths of the human user and computers for effective data analysis. In this endeavor, the user’s implicit knowledge from prior experience is an important asset that can be leveraged by both, the user and the computer to improve the analytics process. While VA environments are starting to include features to formalize, store and utilize such knowledge, the mechanisms and degree to which these environments integrate explicit knowledge varies widely. Additionally, a theoretical model and formalization of this class of VA environments is not available in the VA community yet. This doctoral thesis aims to close this gap by proposing a new theoretical high-level model conceptually grounded on the ‘Simple Visualization Model’ by Van Wijk supporting the visualization community. The new ‘Knowledge-assisted VA Model’ provides the ability to describe all components and processes to characterize knowledge-assisted VA systems. Additionally, it supports visualization experts and designers by comparing and evaluating knowledge-assisted VA systems as well by creating new solutions. To demonstrate the model’s application, we use problem-driven research to study knowledge-assisted visualization systems for time-oriented data in the context of two real world problems. The first case study focuses on the domain of IT-security to support experts during behavior-based malware analysis. Therefore, we developed KAMAS, a knowledge-assisted visualization system for behavior-based malware analysis, describing its design, implementation, and evaluation. Additionally, to support clinical gait analysts during their daily work, we conducted a second case study developing KAVAGait, a knowledge-assisted VA solution for clinical gait analysis. In addition to applying the ‘Knowledge-assisted VA Model’ in two case studies, we also elaborate on two examples from literature. 
Moreover, we illustrated the utilization of the model for the comparison of different design alternatives and to evaluate existing approaches with respect to their use of knowledge. Our model provides the opportunity to inspire designers by using the model as a high-level blueprint to generate new VA environments using explicit knowledge effectively. Additionally, we observed that the VA process benefits in several ways by explicit knowledge: 1) by including it into the automated data analysis process; 2) for adapting the system’s specification and 3) to faster gain new implicit knowledge about the data. Finally, we present possible future directions for future research on the integration of explicit knowledge in VA.
Article
Real-time situation awareness is a key challenge of cybersecurity defense. Visual analytics has been utilized for this purpose, but existing tools tend to require detailed knowledge about the network, which can be challenging in large-scale, production networks. We conducted an interview study involving 24 security professionals to gather requirements for the design, development, and evaluation of visualization to aid situation awareness in cybersecurity. Using these findings, we designed a visualization tool – called RIVERSIDE – for providing a real-time view of the dynamically changing computer network to support situation awareness. We evaluated Riverside in a user study involving 10 participants. Participants were placed in an incident response scenario that tasked them to identify malicious activity on a network. 20% of the users identified all attack components, while an additional 40% only missed one component.
Chapter
As information technologies continue to expand, especially for the asset, network, mobile, and web applications, the Internet has become an integral part of modern corporate information systems. With the development of web technologies, the popularity of web/mobile-based applications has grown tremendously. There is extensive use of websites for information dissemination many times critical too by the government organizations. The hackers target these government web applications. In this paper, the Continuous Vulnerability Assessment (CVA) security dashboard is proposed for vulnerability management, monitoring, identification, visualization, reporting, mitigation, and remediation based on the mathematical model of the Risk Score Index (RSI). This dashboard tackles the challenging issue of the development of an orchestrated interface that leads to future data analytics as it addresses the requirement of all the automated security processes by evaluating real-time 535 state government web applications from the last 6 years (i.e. 2015–2021). The findings of the study have been implemented on state government networks to examine the confidentiality concerns of the cybersecurity vulnerability status. The experimental results indicate that there is an improvement in the security features of the State Organization's network as well as applications in comparison to the Bubblenet, Blockchain Signaling System (BloSS), and Conventional Security Systems (CSS).
Chapter
This chapter discusses the exploration of possibilities for adapting the CS-AWARE platform to the needs of different user groups, following an agile rapid prototyping and validation approach. This analysis is carried out by combining the results of the workshops assessed during CS-AWARE with an empirical evaluation regarding visualization techniques in state-of-the-art research. The results are used as a baseline regarding requirements for an interdependent multi-stakeholder collaborative environment encompassing the concepts of collaboration & communication, multi-stakeholder involvement, multi-stakeholder visualization, and situational awareness. A prototype testbed is used to evaluate the findings from employees working in cybersecurity as a focus group, as well as the general IT and economic sector to enable a cross-domain evaluation. The overall results focus on insights pertaining to data exploration, communication, and distinctions between research and market implementations.
Article
Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users' perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.
Chapter
Although Immersive Analytics solutions are now developed in order to ease data analysis, cyber security systems are still using classical graphical representations and are not yet harnessing the potential of virtual reality systems and collaborative virtual environments. 3D Collaborative Virtual Environments (3DCVE) can be used in order to merge learning and data analysis approaches, as they can allow users to have a better understanding of a cyber situation by mediating interactions towards them and also by providing different points of view of the same data, on different scales. So we propose a 3D Cyber Common Operational Picture (3D CyberCOP) that will allow operators to face a situation together by using immersive and non-immersive visualizations and by collaborating through user-defined roles. After visiting French Security Operations Centers (SOCs), we have defined a collaborative interaction model and some use cases, to assess the effectiveness of our solution.
Chapter
Although cybersecurity is a domain where data analysis and training are considered of the highest importance, few virtual environments for cybersecurity are specifically developed, while they are used efficiently in other domains to tackle these issues.
Conference Paper
Managing healthcare organizational cybersecurity risk is complex. This work examines government reported patient health data breaches to learn more about trends in reported breaches to inform organizational risk budgeting, trends and focus areas. In many cases, organizations only have enough time to survive daily risk management activities. They all too often have little, if any, time for actual risk management research beyond third-party vendor threat intelligence. Our research fills this gap by analyzing the breach data reported to the United States (US) Health and Human Services (HHS) Office of Civil Rights (OCR) from May 1, 2018 until May 1, 2019. The analysis reports on trends from breach factors reported to the government to further inform cybersecurity patient health data risk management.
Article
Visualization helps to comprehend and analyse large amounts of data, a fundamental necessity for network security due to the large volume of audit traces produced each day. In this paper, we dissect the majority of recent work conducted in network security visualization and offer a taxonomy that provides a basis for classifying recently published works using nine criteria. Moreover, a comprehensive evaluation framework for comparing and ranking network security visualization systems and techniques is developed and presented. Finally, we present a taxonomy of network attacks, which covers most of the existing network attacks and provides a framework for the categorization of recent network security visualization systems.
Chapter
Although collaborative practices between cyber organizations are well documented, managing activities within these organizations is still challenging as cyber operators' tasks are very demanding and usually done individually. As human factors studies in cyber environments are still difficult to perform, tools and collaborative practices are evolving slowly and training is always required to increase teamwork efficiency. Contrary to other research fields, cyber security is not yet harnessing the capabilities of Collaborative Virtual Environments (CVE) which can be used both for immersive and interactive data visualization and serious gaming for training. In order to tackle cyber security teamwork issues, we propose a 3D CVE called the 3D Cyber Common Operational Picture, which aims at taking advantage of CVE practices to enhance cyber collaborative activities. Based on four Security Operations Centers (SOCs) visits we have made in different organizations, we have designed a cyber collaborative activity model which has been used as a reference to design our 3D CyberCOP platform features, such as asymmetrical collaboration, mutual awareness and roles specialization. Our approach can be adapted to several use cases, and we are currently developing a cyber incident analysis scenario based on an event-driven architecture, as a proof of concept.
Article
Applying a user-centered design (UCD) process within the framework of a learning healthcare system (LHS), this study unearths role-specific performance measures to support operational and financial decision making in community health centers (CHCs). We first built a multidimensional EHR/Practice Management data warehouse through a large collaborative of seven CHCs in the state of Indiana aimed at improving efficiency and access to care. A UCD process that comprised contextual interviews, card sorting and high fidelity dashboard prototyping was used to uncover over 45 different operational performance measures, many of which were unique and hitherto unknown measures of relevance to different individual roles within a CHC that included frontline staff, providers, clinical support, and executive management. Within the LHS paradigm, the study highlights the value of role-specific performance measurement and their delivery through interactive user-centered visualizations, while continuing to guide the development of future informatics tools.
Conference Paper
Efficiency and interference shielding are critical factors for conducting successful cognitive task analysis (CTA) of cyber-attack analysis. To achieve this goal, a tool, named ARSCA, is developed to work with an analyst during a cyber-attack analysis task and to capture the main elements in his/her cognitive process. ARSCA conducts process tracing in a way that reduces the study time and the workload needed for analysts and does not distract the analysts from executing their tasks. ARSCA has been tested in an experiment with a simulated cyber-attack analysis task. Thirteen professional analysts and seventeen doctoral students specializing in cyber security are recruited. We evaluate the captured traces and the participants’ feedback on working with ARSCA.
Article
Various case studies in different application domains have shown the great potential of visual parameter space analysis to support validating and using simulation models. In order to guide and systematize research endeavors in this area, we provide a conceptual framework for visual parameter space analysis problems. The framework is based on our own experience and a structured analysis of the visualization literature. It contains three major components: (1) a data flow model that helps to abstractly describe visual parameter space analysis problems independent of their application domain; (2) a set of four navigation strategies of how parameter space analysis can be supported by visualization tools; and (3) a characterization of six analysis tasks. Based on our framework, we analyze and classify the current body of literature, and identify three open research gaps in visual parameter space analysis. The framework and its discussion are meant to support visualization designers and researchers in characterizing parameter space analysis problems and to guide their design and evaluation processes.
Article
Current approaches to visualization have resulted in many engaging and useful visualization techniques for a variety of data and tasks. As we begin to encounter new visualization problems, such as those with Big Data, we propose considering alternatives to traditional approaches. We suggest an approach influenced by the artistic and creative design community to help drive innovation in visualization research. The design-first approach focuses on the human, without influence from the data or the user requirements until a visual concept is developed. This approach offers a fresh perspective that can enhance or be an alternative to traditional visualization approaches, particularly for difficult visualization problems. We describe two case studies that used this approach to generate creative visualization solutions for a particularly difficult visual analytics challenge.
Conference Paper
We created a pixel map for multivariate data based on an analysis of the needs of network security engineers. Parameters of a log record are shown as pixels and these pixels are stacked to represent a record. This allows a broad view of a data set on one screen while staying very close to the raw data and to expose common and rare patterns of user behavior through the visualization itself (the "Carpet"). Visualizations that immediately point to areas of suspicious activity without requiring extensive filtering, help network engineers investigating unknown computer security incidents. Most of them, however, have limited knowledge of advanced visualization techniques, while many designers and data scientists are unfamiliar with computer security topics. To bridge this gap, we developed visualizations together with engineers, following a co-creative process. We will show how we explored the scope of the engineers' tasks and how we jointly developed ideas and designs. Our expert evaluation indicates that this visualization helps to scan large parts of log files quickly and to define areas of interest for closer inspection.
Article
Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated to maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
Conference Paper
This paper offers insights to how cyber security analysts establish and maintain situation awareness of a large computer network. Through a series of interviews, observations, and a card sorting activity, we examined the questions analysts asked themselves during a network event. We present the results of our work as a taxonomy of cyber awareness questions that represents a mental model of situation awareness in cyber security analysts.
Article
The goal of cyber security visualization is to help analysts increase the safety and soundness of our digital infrastructures by providing effective tools and workspaces. Visualization researchers must make visual tools more usable and compelling than the text-based tools that currently dominate cyber analysts' tool chests. A cyber analytics work environment should enable multiple, simultaneous investigations and information foraging, as well as provide a solution space for organizing data. We describe our study of cyber-security professionals and visualizations in a large, high-resolution display work environment and the analytic tasks this environment can support. We articulate a set of design principles for usable cyber analytic workspaces that our studies have brought to light. Finally, we present prototypes designed to meet our guidelines and a usability evaluation of the environment.
Article
NetFlow data is routinely captured at the border of many enterprise networks. Although not as rich as full packet-capture data, NetFlow provides a compact record of the interactions between host pairs on either side of the monitored border. Analysis of this data presents a challenge to the security analyst due to its volume. We report preliminary results on the development of a suite of visualization tools that are intended to complement command line tools, such as those from the SiLK Tools, that are currently used by analysts to perform forensic analysis of NetFlow data. The current version of the tool set draws on three visual paradigms: activity diagrams that display various aspects of multiple individual host behaviors as color coded time series, connection bundles that show the interactions among hosts and groups of hosts, and the NetBytes viewer that allows detailed examination of the port and volume behaviors of an individual host over a period of time. The system supports drill down for additional detail and pivoting that allows the analyst to examine the relationships among the displays. SiLK data is preprocessed into a relational database to drive the display modes, and the tools can interact with the SiLK system to extract additional data as necessary.
Chapter
Analysing users in their context of work and finding out how and why they use different information resources is essential to provide interactive visualisation systems that match their goals and needs. Designers should actively involve the intended users throughout the whole process. This chapter presents a user-centered approach for the design of interactive visualisation systems. We describe three phases of the iterative visualisation design process: the early envisioning phase, the global specification phase, and the detailed specification phase. The whole design cycle is repeated until some criterion of success is reached. We discuss different techniques for the analysis of users, their tasks and domain. Subsequently, the design of prototypes and evaluation methods in visualisation practice are presented. Finally, we discuss the practical challenges in design and evaluation of collaborative visualisation environments. Our own case studies and those of others are used throughout the whole chapter to illustrate various approaches.
Keywords: Design process, User analysis, Task analysis, Domain analysis, User profile, Task model, Visualisation design, Evaluation
Chapter
The development of security visualization applications must involve the user in the design process in order to create usable systems. However, it is all too easy to lose track of the user during the design and development process, even though upfront investment in extensive user requirements gathering has proven benefits. To address this challenge, we adapt a user-centered design method called personas that enables effective requirements capture for varying scopes of requirements-gathering efforts, and, when used properly, keeps the user involved at every step of the process from design to evaluation.
Conference Paper
The objective of this paper is to show how approaches for user-centered information visualization design and development are being applied in the context of healthcare where users are not familiar with information visualization techniques. We base our design methods on user-centered frameworks in which 'prototyping' plays an important role in the process. We modify existing approaches to involve prototyping at an early stage of the process as the problem domain is assessed. We believe this to be essential, as it increases users' awareness of what information visualization techniques can offer them and that it enables users to participate more effectively in later stages of the design and development process. This also acts as a stimulus for engagement. The problem domain analysis stage of a pilot study using this approach is presented, in which techniques are being collaboratively developed with domain users from a healthcare institution. Our results suggest that this approach has engaged users, who are subsequently able to apply generic information visualization concepts to their domains and as a result are better equipped to take part in the subsequent collaborative design and development process.
Conference Paper
Personas are a popular technique in User-Centered Design, however their validity can be called into question. While the techniques used to develop personas and their integration with other design activities provide some measure of validity, a persona's legitimacy can be threatened by challenging its characteristics. This note presents Persona Cases: personas whose characteristics are both grounded in, and traceable to their originating source of empirical data. This approach builds on the premise that sense-making in qualitative data analysis is an argumentative activity, and aligns concepts associated with a Grounded Theory analysis with recent work on arguing the characteristics of personas. We illustrate this approach using a case study in the Critical Infrastructure Protection domain.
Conference Paper
Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.
Conference Paper
This paper presents the intrusion detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.
Conference Paper
An Internet cyber threat monitoring system detects cyber threats using network sensors deployed at particular points on the Internet, statistically analyzes the time of attack, source of attack, and type of attack, and then visualizes the result of this analysis. Existing systems, however, simply visualize country-by-country statistics of attacks or hourly changes of attacks. Using these systems, it is difficult to understand the source of attack, the diffusion of the attack, or the relation between the target and the source of the attack. This paper described a method for visualizing cyber threats by using 2-dimensional matrix representation of IP addresses. The advantages of this method are that: (1) the logical distance of IP addresses is represented intuitively; (2) Internet address space is visualized economically; (3) macroscopic information (Internet level) and microscopic information (local level) are visualized simultaneously. By using this visualization framework, propagation of the Welchia worm and the Sasser.D worm are visualized.
Conference Paper
Intrusion detection (ID) systems have become increasingly accepted as an essential layer in the information security infrastructure. However, there has been little research into understanding the human component of ID work. Currently, security analysts face an increasing workload as their environments expand and attacks become more frequent. We conducted contextual interviews with security analysts to gain an understanding of the people and work of ID. Our findings reveal that organizational changes must be combined with improved technical tools for effective, long-term solutions to the difficulties of scaling ID work. We propose a three-phase task model in which tasks could be decoupled according to requisite expertise. In particular, monitoring tasks can be separated and staffed by less experienced ID analysts with corresponding tool support. Thus, security analysts will be better able to cope with increasing security threats in their expanding networks. Additionally, organizations will be afforded more flexibility in hiring and training new analysts.
Conference Paper
The goal of our project is to create a set of next-generation cyber situational-awareness capabilities with applications to other domains in the long term. The situational-awareness capabilities being developed focus on novel visualization techniques as well as data analysis techniques designed to improve the comprehensibility of the visualizations. The objective is to improve the decision-making process to enable decision makers to choose better actions. To this end, we put extensive effort into ensuring we had feedback from network analysts and managers and understanding what their needs truly are. This paper discusses the cognitive task analysis methodology we followed to acquire feedback from the analysts. This paper also provides the details we acquired from the analysts on their processes, goals, concerns, etc. A final result we describe is the generation of a task-flow diagram.
Conference Paper
Persona is a technique being used by practicing designers in interaction design. Existing research presents the ways personas should/could be used, or reports new efforts of making good use of the persona concept. Compared to the primary idea of persona, this paper explores some manners with which practitioners actually utilize persona in their work, which has not been emphasized in depth in the current literature. Our findings provide an initial step showing how practitioners in a creative way develop various usages of personas in practice. We believe this research not only expands the understanding of personas in design, but also gives insights about how practicing designers adapt and make design "tools" their own.
Conference Paper
Much has been written on creating personas – both what they are good for, and how to create them. A common problem with personas is that they are not based on firsthand customer data, and if they are, the data set is not of a sample size that can be considered statistically significant. In this paper, we describe a new method for creating and validating personas, based on the statistical analysis of data, which is fast and cost effective.
Article
We take a new, scenario based look at evaluation in information visualization. Our seven scenarios, evaluating visual data analysis and reasoning, evaluating user performance, evaluating user experience, evaluating environments and work practices, evaluating communication through visualization, evaluating visualization algorithms, and evaluating collaborative data analysis were derived through an extensive literature review of over 800 visualization publications. These scenarios distinguish different study goals and types of research questions and are illustrated through example studies. Through this broad survey and the distillation of these scenarios we make two contributions. One, we encapsulate the current practices in the information visualization research community and, two, we provide a different approach to reaching decisions about what might be the most effective evaluation of a given information visualization. Scenarios can be used to choose appropriate research questions and goals and the provided examples can be consulted for guidance on how to design one's own study.
Article
Visualization can provide valuable assistance for data analysis and decision making tasks. However, how people perceive and interact with a visualization tool can strongly influence their understanding of the data as well as the system's usefulness. Human factors therefore contribute significantly to the visualization process and should play an important role in the design and evaluation of visualization tools. Several research initiatives have begun to explore human factors in visualization, particularly in perception-based design. Nonetheless, visualization work involving human factors is in its infancy, and many potentially promising areas have yet to be explored. Therefore, this paper aims to 1) review known methodology for doing human factors research, with specific emphasis on visualization, 2) review current human factors research in visualization to provide a basis for future investigation, and 3) identify promising areas for future research.
Conference Paper
The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. This research effort has created many tools and techniques that could be applied to improve cyber security, yet the community has not yet established unified standards for evaluating these approaches to predict their operational validity. In this paper, we survey and categorize the evaluation metrics, components, and techniques that have been utilized in the past decade of VizSec research literature. We also discuss existing methodological gaps in evaluating visualization in cyber security, and suggest potential avenues for future research in order to help establish an agenda for advancing the state-of-the-art in evaluating cyber security visualizations.
Conference Paper
As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying the fine-grained analysts' cognitive processes helps researchers gain deep understanding of how they conduct analytical reasoning and elicit their procedure knowledge and experience to further improve their performance. However, it's very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing and a laboratory experiment for collecting traces of analysts' cognitive processes in conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way to avoid distracting analysts from their work and adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specialized in cyber security in our experiment. We mainly employ the qualitative data analysis method to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis turn out highly promising.
Conference Paper
Behavior-based analysis of emerging malware families involves finding suspicious patterns in large collections of execution traces. This activity cannot be automated for previously unknown malware families and thus malware analysts would benefit greatly from integrating visual analytics methods in their process. However existing approaches are limited to fairly static representations of data and there is no systematic characterization and abstraction of this problem domain. Therefore we performed a systematic literature study, conducted a focus group as well as semi-structured interviews with 10 malware analysts to elicit a problem abstraction along the lines of data, users, and tasks. The requirements emerging from this work can serve as basis for future design proposals to visual analytics-supported malware pattern analysis.
Conference Paper
What does it take to be a successful visualization in cyber security? This question has been explored for some time, resulting in many potential solutions being developed and offered to the cyber security community. However, when one reflects upon the successful visualizations in this space they are left wondering where all those offerings have gone. Excel and Grep are still the kings of cyber security defense tools; there is a great opportunity to help in this domain, yet many visualizations fall short and are not utilized. In this paper we present seven challenges, informed by two user studies, to be considered when developing a visualization for cyber security purposes. Cyber security visualizations must go beyond isolated solutions and "pretty picture" visualizations in order to impact users. We provide an example prototype that addresses the challenges with a description of how they are met. Our aim is to assist in increasing utility and adoption rates for visualization capabilities in cyber security.
Cyber Network degradation and exploitation can covertly turn an organization's technological strength into an operational weakness. It has become increasingly imperative, therefore, for an organization's personnel to have an awareness of the state of the Cyber Network that they use to carry out their mission. Recent high-level government initiatives along with hacking and exploitation in the commercial realm highlight this need for general Cyber Situational Awareness (SA). While much of the attention in both the military and commercial cyber security communities is on abrupt and blunt attacks on the network, the most insidious cyber threats to organizations are subtle and persistent attacks leading to compromised databases, processing algorithms, and displays. We recently began an effort developing software tools to support the Cyber SA of users at varying levels of responsibility and expertise (i.e., not just the network administrators). This paper presents our approach and preliminary findings from a CTA we conducted with an operational Subject Matter Expert to uncover the situational awareness requirements of such a tool. Results from our analysis indicate a list of preliminary categories of these requirements, as well as specific questions that will drive the design and development of our SA tool. Copyright 2010 by Human Factors and Ergonomics Society, Inc. All rights reserved.
Article
An important aspect in visualization design is the connection between what a designer does and the decisions the designer makes. Existing design process models, however, do not explicitly link back to models for visualization design decisions. We bridge this gap by introducing the design activity framework, a process model that explicitly connects to the nested model, a well-known visualization design decision model. The framework includes four overlapping activities that characterize the design process, with each activity explicating outcomes related to the nested model. Additionally, we describe and characterize a list of exemplar methods and how they overlap among these activities. The design activity framework is the result of reflective discussions from a collaboration on a visualization redesign project, the details of which we describe to ground the framework in a real-world design process. Lastly, from this redesign project we provide several research outcomes in the domain of cybersecurity, including an extended data abstraction and rich opportunities for future visualization research.
Conference Paper
A Cognitive Task Analysis (CTA) was performed to investigate the workflow, decision processes, and cognitive demands of information assurance (IA) analysts responsible for defending against attacks on critical computer networks. We interviewed and observed 41 IA analysts responsible for various aspects of cyber defense in seven organizations within the US Department of Defense (DOD) and industry. Results are presented as workflows of the analytical process and as attribute tables including analyst goals, decisions, required knowledge, and obstacles to successful performance. We discuss how IA analysts progress through three stages of situational awareness and how visual representations are likely to facilitate cyber defense situational awareness.
Article
We present the design of a visualization technique based on the results of a human in the loop process, which relied on network managers and network analysts. This visualization design was directly targeted at supporting tasks identified by the domain experts. This was the need for the ability to provide rapid and immediate assessment of the state of the network and associated hosts. This visualization technique, the Cyber Command Gauge Cluster (CCGC), allows analysts to review the state of the network and locate potentially problematic anomalies, drill down into those anomalies, and prioritize the anomalies for detailed analysis and remediation. By providing a summary representation combined with independent representations of critical parameters, the technique is unique in its ability to aid decision makers in making rapid assessments and prioritization of identified anomalies. While the prototype focuses on network analysis, the technique is devised to provide generalized support for situational awareness in any domain. The generalized parameter mapping allows the technique to be applicable to any level of decision making, from the front-line network analyst to the CIO.
Conference Paper
This paper describes a web-based visualization system designed for network security analysts at the U.S. Army Research Laboratory (ARL). Our goal is to provide visual support to the analysts as they investigate security alerts for malicious activity within their systems. Our ARL collaborators identified a number of important requirements for any candidate visualization system. These relate to the analyst's mental models and working environment, and to the visualization tool's configurability, accessibility, scalability, and "fit" with existing analysis strategies. To meet these requirements, we designed and implemented a web-based tool that uses different types of charts as its core representation framework. A JavaScript charting library (RGraph) was extended to provide the interface flexibility and correlation capabilities needed to support analysts as they explore different hypotheses about a potential attack. We describe key elements of our design, explain how an analyst's intent is used to generate different visualizations, and show how the system's interface allows an analyst to rapidly produce a sequence of visualizations to explore specific details about a potential attack as they arise. We conclude with a discussion of plans to further improve the system, and to collect feedback from our ARL colleagues on its strengths and limitations in real-world analysis scenarios.
Article
Design studies are an increasingly popular form of problem-driven visualization research, yet there is little guidance available about how to do them effectively. In this paper we reflect on our combined experience of conducting twenty-one design studies, as well as reading and reviewing many more, and on an extensive literature review of other field work methods and methodologies. Based on this foundation we provide definitions, propose a methodological framework, and provide practical guidance for conducting design studies. We define a design study as a project in which visualization researchers analyze a specific real-world problem faced by domain experts, design a visualization system that supports solving this problem, validate the design, and reflect about lessons learned in order to refine visualization design guidelines. We characterize two axes - a task clarity axis from fuzzy to crisp and an information location axis from the domain expert's head to the computer - and use these axes to reason about design study contributions, their suitability, and uniqueness from other approaches. The proposed methodological framework consists of 9 stages: learn, winnow, cast, discover, design, implement, deploy, reflect, and write. For each stage we provide practical guidance and outline potential pitfalls. We also conducted an extensive literature survey of related methodological approaches that involve a significant amount of qualitative field work, and compare design study methodology to that of ethnography, grounded theory, and action research.
Article
Increasing amounts of data offer great opportunities to promote technological progress and business success. Visual analytics (VA) aims at enabling the exploration and the understanding of large and complex data sets by intertwining interactive visualization, data analysis, human–computer interaction, as well as cognitive and perceptual science. We propose a design triangle, which considers three main aspects to ease the design: (1) the characteristics of the data, (2) the users, and (3) the users' tasks. Addressing the particular characteristics of time and time-oriented data focuses the VA methods, but turns the design space into a more complex and challenging one. We demonstrate the applicability of the design triangle by three use cases tackling the time-oriented aspects explicitly. Our design triangle provides a high-level framework, which is simple and very effective for the design process as well as easily applicable for both researchers and practitioners.
Article
We present an assessment of the state and historic development of evaluation practices as reported in papers published at the IEEE Visualization conference. Our goal is to reflect on a meta-level about evaluation in our community through a systematic understanding of the characteristics and goals of presented evaluations. For this purpose we conducted a systematic review of ten years of evaluations in the published papers using and extending a coding scheme previously established by Lam et al. [2012]. The results of our review include an overview of the most common evaluation goals in the community, how they evolved over time, and how they contrast or align to those of the IEEE Information Visualization conference. In particular, we found that evaluations specific to assessing resulting images and algorithm performance are the most prevalent (with consistently 80-90% of all papers since 1997). However, especially over the last six years there is a steady increase in evaluation methods that include participants, either by evaluating their performances and subjective feedback or by evaluating their work practices and their improved analysis and reasoning capabilities using visual tools. Up to 2010, this trend in the IEEE Visualization conference was much more pronounced than in the IEEE Information Visualization conference which only showed an increasing percentage of evaluation through user performance and experience testing. Since 2011, however, also papers in IEEE Information Visualization show such an increase of evaluations of work practices and analysis as well as reasoning using visual tools. Further, we found that generally the studies reporting requirements analyses and domain-specific work practices are too informally reported which hinders cross-comparison and lowers external validity.
Conference Paper
This paper reports on investigations of how computer network defense (CND) analysts conduct their analysis on a day-to-day basis and discusses the implications of these cognitive requirements for designing effective CND visualizations. The supporting data come from a cognitive task analysis (CTA) conducted to baseline the state of the practice in the U.S. Department of Defense CND community. The CTA collected data from CND analysts about their analytic goals, workflow, tasks, types of decisions made, data sources used to make those decisions, cognitive demands, tools used and the biggest challenges that they face. The effort focused on understanding how CND analysts inspect raw data and build their comprehension into a diagnosis or decision, especially in cases requiring data fusion and correlation across multiple data sources. This paper covers three of the findings from the CND CTA: (1) the hierarchy of data created as the analytical process transforms data into security situation awareness; (2) the definition and description of different CND analysis roles; and (3) the workflow that analysts and analytical organizations engage in to produce analytic conclusions.
Article
This paper reviews and reappraises the current research on the cognitive task analysis methodology for job or task design and analysis. Specifically, it classifies the current cognitive task analysis methods for job or task design and analysis, sorts out commonalities and differences among all these cognitive task analysis methodologies for job and task design and analysis by conducting pros and cons comparisons, and provides guidelines in selecting cognitive task analysis methods for job and task design and analysis. Moreover, based on the current literature review, a validated human-centered information-processing model for cognitive task performance was developed based on human information processing theory. This new model focuses on identifying all cognitive aspects of human performance in technical work, with the goal of assisting job (re)design to increase human job performance.
Conference Paper
Personas is an interaction design technique with considerable potential for software product development. In three years of use, our colleagues and we have extended Alan Cooper's technique to make Personas a powerful complement to other usability methods. After describing and illustrating our approach, we outline the psychological theory that explains why Personas are more engaging than design based primarily on scenarios. As Cooper and others have observed, Personas can engage team members very effectively. They also provide a conduit for conveying a broad range of qualitative and quantitative data, and focus attention on aspects of design and use that other methods do not.
Article
Working with three domain specialists we investigate human-centered approaches to geovisualization following an ISO13407 taxonomy covering context of use, requirements and early stages of design. Our case study, undertaken over three years, draws attention to repeating trends: that generic approaches fail to elicit adequate requirements for geovis application design; that the use of real data is key to understanding needs and possibilities; that trust and knowledge must be built and developed with collaborators. These processes take time but modified human-centred approaches can be effective. A scenario developed through contextual inquiry but supplemented with domain data and graphics is useful to geovis designers. Wireframe, paper and digital prototypes enable successful communication between specialist and geovis domains when incorporating real and interesting data, prompting exploratory behaviour and eliciting previously unconsidered requirements. Paper prototypes are particularly successful at eliciting suggestions, especially for novel visualization. Enabling specialists to explore their data freely with a digital prototype is as effective as using a structured task protocol and is easier to administer. Autoethnography has potential for framing the design process. We conclude that a common understanding of context of use, domain data and visualization possibilities are essential to successful geovis design and develop as this progresses. HC approaches can make a significant contribution here. However, modified approaches, applied with flexibility, are most promising. We advise early, collaborative engagement with data – through simple, transient visual artefacts supported by data sketches and existing designs – before moving to successively more sophisticated data wireframes and data prototypes.
Article
The goal of our project is to create a set of next-generation cyber situational-awareness capabilities with applications to other domains in the long term. The objective is to improve the decision-making process to enable decision makers to choose better actions. To this end, we put extensive effort into making certain that we had feedback from network analysts and managers and understand what their genuine needs are. This article discusses the cognitive task-analysis methodology that we followed to acquire feedback from the analysts. This article also provides the details we acquired from the analysts on their processes, goals, concerns, the data and metadata that they analyze. Finally, we describe the generation of a novel task-flow diagram representing the activities of the target user base.
NStreamAware: Real-time visual analytics for data streams to enhance situational awareness
  • fischer
ISO 9241-210: 2009. Ergonomics of human system interaction-Part 210: Human-centred design for interactive systems (formerly known as 13407)
  • dis