Situ: Identifying and Explaining Suspicious Behavior in Networks

Goodall, John R.; Ragan, Eric D.; Steed, Chad A.; Reed, Joel W.; Richardson, Gregory D.; Huffer, Kelly M. T.; Bridges, Robert A.; Laska, Jason A.

doi:10.1109/tvcg.2018.2865029

Cited by 60 publications

(38 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data Collection [37], [47], [80], [103], [104], [107], [111], [127]- [132] Analysis & Detection [13], [35], [41], [43], [55], [56], [84], [133]- [157] Presentation [9], [12], [13], [80], [97], [99], [112], [127], [158]- [170] V-B2). As the interface between people and machines, the presentation of data and analysis results is of particular interest in a SOC context.…”

Section: Technology Referencesmentioning

confidence: 99%

“…However, they also present the model visually to enable the machine learning model's decisions to be understood. The Situ platform [13] has the goal to visualize the context of an incident for leveraging the experience of security experts. In contrast to the approaches described above, the CyberCOP [12], [99], [160] platform relies on three-dimensional visualization.…”

Section: ) Presentationmentioning

confidence: 99%

“…Identifying threats and incidents gets increasingly harder as IT infrastructures grow and expand from the cyberspace into the physical world, for example through the use of cyberphysical systems [83]. Current automated threat detection tools work pretty well for detecting well-known attacks, as they operate based on signatures and attack patterns [13], [159]. Therefore, unknown situations remain undetected as no rule is defined for them yet.…”

Section: ) Integration Of Domain Knowledgementioning

confidence: 99%

“…We identified some work partially relevant to our approach which is trying to get a more hands-on understanding of SOCs. The authors of the respective publications use semistructured interviews [2], [7]- [11], on-site visits [2], [12], case studies [13], or ethnographic fieldwork [14]- [17]. These publications derive their definition of SOCs following a bottom-up approach leading to a limited understanding of SOCs.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

Section: Technology Referencesmentioning

confidence: 99%

Section: ) Presentationmentioning

confidence: 99%

Section: ) Integration Of Domain Knowledgementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

“…Liao and Striegel (Liao and Striegel 2012) propose a differential anomaly visualization by reducing the granularity of network components to communities which increases network shift tolerance and scalability. Situ (Goodall et al 2019) is a visualization platform that takes in a stream of network data and performs probability-based anomaly detection before presenting information on suspicious IPs through multiple views.…”

Section: Related Workmentioning

confidence: 99%

Visualization of Anomalies using Graph-Based Anomaly Detection

Paudel

Tharp²,

Kaiser

et al. 2021

FLAIRS

View full text Add to dashboard Cite

Network protocol analyzers such asWireshark are valuable for analyzing network traffic but pose a challenge in that it can be difficult to determine which behaviors are out of the ordinary due to the volume of data that must be analyzed. Network anomaly detection systems can provide vital insights to security analysts to supplement protocol analyzers, but this feedback can be difficult to interpret due to the complexity of the algorithms used and the lack of context to determine the reasoning for which an event was labeled as anomalous. We present an approach for visualizing anomalies using a graph-based anomaly detection methodology that aims to provide visual context to network traffic. We demonstrate the approach using network traffic flows as an approach for aiding in the investigation and triage of anomalous network events. The simplicity of a visual representation supports fast analysis of anomalous traffic to identify true positives from false positives and prevent further potential damage.

show abstract

How level of explanation detail affects human performance in interpretable intelligent systems: A study on explainable fact checking

et al. 2021

Self Cite

View full text Add to dashboard Cite

Explainable artificial intelligence (XAI) systems aim to provide users with information to help them better understand computational models and reason about why outputs were generated. However, there are many different ways an XAI interface might present explanations, which makes designing an appropriate and effective interface an important and challenging task. Our work investigates how different types and amounts of explanatory information affect user ability to utilize explanations to understand system behavior and improve task performance. The presented research employs a system for detecting the truthfulness of news statements. In a controlled experiment, participants were tasked with using the system to assess news statements as well as to learn to predict the output of the AI. Our experiment compares various levels of explanatory information to contribute empirical data about how explanation detail can influence utility. The results show that more explanation information improves participant understanding of AI models, but the benefits come at the cost of time and attention needed to make sense of the explanation.

show abstract

Situ: Identifying and Explaining Suspicious Behavior in Networks

Cited by 60 publications

References 35 publications

Security Operations Center: A Systematic Study and Open Challenges

Security Operations Center: A Systematic Study and Open Challenges

Visualization of Anomalies using Graph-Based Anomaly Detection

How level of explanation detail affects human performance in interpretable intelligent systems: A study on explainable fact checking

Contact Info

Product

Resources

About