The goal of cyber security visualization is to help analysts increase the safety and soundness of our digital infrastructures by providing effective tools and workspaces. Visualization researchers must make visual tools more usable and compelling than the text-based tools that currently dominate cyber analysts' tool chests. A cyber analytics work environment should enable multiple, simultaneous investigations and information foraging, as well as provide a solution space for organizing data. We describe our study of cyber-security professionals and visualizations in a large, high-resolution display work environment and the analytic tasks this environment can support. We articulate a set of design principles for usable cyber analytic workspaces that our studies have brought to light. Finally, we present prototypes designed to meet our guidelines and a usability evaluation of the environment.

KEYWORDS: Cyber analytics; cyber security; visualization; usability; large, high-resolution displays; cognitive task analysis.

INTRODUCTION

Cyber analysts who defend our computer infrastructures use primitive, command-line tools that are ineffective at the high volume and velocity of the data they must process. They have resisted using visualizations, partly because no visualization has yet met their complex needs. We believe this is because their tasks, work environments, and requirements have not yet been studied sufficiently. We need more user-centered design in the solutions we offer. Large displays have been valuable in other applications with massive data [1], and we suspect that they can be helpful in this application, too.

Cyber analytics is a new science of analysis for understanding the behavior of computers and computer networks from the data they generate, discerning the story hidden inside massive cyber data. Many job descriptions include cyber analytic tasks, such as system administration, cyber security, and design and maintenance of computer infrastructures. In this paper, we concentrate on cyber analysis for securing enterprises and large infrastructures of related organizations. We found the behaviors of the cyber analysts we studied were distinct from behaviors of analysts in other domains such as intelligence analysis.

For cyber security professionals, a usable workspace should support multiple, simultaneous, open-ended investigations. Separate tasks that arise from distinct tip-off points may eventually connect, implying the need for an overview of all active tasks and their relationships. Analysts desire to find connections that point to the sources of threats to the system they are defending. Using the analogy of information foraging [2], cyber analysts are tracking big game. Individual clues are only valuable if they support other clues that point to the same root cause. To acquire multiple, complementary information items, cyber analysts rapidly switch between analytic inquiries, multi-tasking and refining or broadening queries as they investigate potential leads.

Analysts need tools that interopera...
The objective of this paper is to present a system for interrogating immense social media streams through analytical methodologies that characterize topics and events critical to tactical and strategic planning. First, we propose a conceptual framework for interpreting social media as a sensor network. Time-series models and topic clustering algorithms are used to implement this concept into a functioning analytical system. Next, we address two scientific challenges: 1) to understand, quantify, and baseline phenomenology of social media at scale, and 2) to develop analytical methodologies to detect and investigate events of interest. This paper then documents computational methods and reports experimental findings that address these challenges. Ultimately, the ability to process billions of social media posts per week over a period of years enables the identification of patterns and predictors of tactical and strategic concerns at an unprecedented rate through SociAL Sensor Analytics (SALSA).
In this paper, we discuss the efforts underway at the Pacific Northwest National Laboratory in understanding the dynamics of multi-party discourse across a number of communication modalities, such as email, instant messaging traffic and meeting data. Two prototype systems are discussed. The Conversation Analysis Tool (ChAT) is an experimental test-bed for the development of computational linguistic components and enables users to easily identify topics or persons of interest within multi-party conversations, including who talked to whom, when, the entities that were discussed, etc. The Retrospective Analysis of Communication Events (RACE) prototype, leveraging many of the ChAT components, is an application built specifically for knowledge workers and focuses on merging different types of communication data so that the underlying message can be discovered in an efficient, timely fashion.