Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design

Franklin, Lyndsey; Pirrung, Meg; Blaha, Leslie M.; Dowling, Michelle; Feng, Mingyue

doi:10.1109/vizsec.2017.8062200

Cited by 17 publications

(12 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, they focus on interactive visualizations, but not on XAI methods. In [46], the authors focus on developing a visual analytics tool for supporting cyber analysts in making decisions when dealing with intrusion detection alerts. However, the authors also do not consider explanations in XAI.…”

Section: Related Workmentioning

confidence: 99%

“…In summary, it is observed in [38,39,41,42] proposals aiming for the integration of explanations in a fraud detection context. Within visual analytics literature, it is also observed studies aiming to support the decision-making of fraud experts through visualizations [21,45,46]. However, a social and user-centered perspective has been lacking in those works, by first understanding the needs of fraud experts for explanations This is an open access post-print version; the final authenticated version is available online at https://link.springer.com/chapter/10.1007/978-3-030-57321-8_18 by © IFIP International Federation for Information Processing 2020.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Scenario-Based Requirements Elicitation for User-Centric Explainable AI

Cirqueira

Nedbal

Helfert

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Explainable Artificial Intelligence (XAI) develops technical explanation methods and enable interpretability for human stakeholders on why Artificial Intelligence (AI) and machine learning (ML) models provide certain predictions. However, the trust of those stakeholders into AI models and explanations is still an issue, especially domain experts, who are knowledgeable about their domain but not AI inner workings. Social and user-centric XAI research states it is essential to understand the stakeholder's requirements to provide explanations tailored to their needs, and enhance their trust in working with AI models. Scenariobased design and requirements elicitation can help bridge the gap between social and operational aspects of a stakeholder early before the adoption of information systems and identify its real problem and practices generating user requirements. Nevertheless, it is still rarely explored the adoption of scenarios in XAI, especially in the domain of fraud detection to supporting experts who are about to work with AI models. We demonstrate the usage of scenario-based requirements elicitation for XAI in a fraud detection context, and develop scenarios derived with experts in banking fraud. We discuss how those scenarios can be adopted to identify user or expert requirements for appropriate explanations in his daily operations and to make decisions on reviewing fraudulent cases in banking. The generalizability of the scenarios for further adoption is validated through a systematic literature review in domains of XAI and visual analytics for fraud detection.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Scenario-Based Requirements Elicitation for User-Centric Explainable AI

Cirqueira

Nedbal

Helfert

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Most of an analyst's time is spent responding to incidents which usually have priority over exploring data for new attacks (Franklin et al, 2017). When analysts use exploratory data analysis, they can both respond to current alerts as well as answer hypothesis about the broader set at the same time.…”

Section: Cybersecurity Visualizationsmentioning

confidence: 99%

A Service Architecture Using Machine Learning to Contextualize Anomaly Detection

Laughlin

Sankaranarayanan

El-Khatib

2020

Journal of Database Management

View full text Add to dashboard Cite

This article introduces a service that helps provide context and an explanation for the outlier score given to any network flow record selected by the analyst. The authors propose a service architecture for the delivery of contextual information related to network flow records. The service constructs a set of contexts for the record using features including the host addresses, the application in use and the time of the event. For each context the service will find the nearest neighbors of the record, analyze the feature distributions and run the set through an ensemble of unsupervised outlier detection algorithms. By viewing the records in shifting perspectives one can get a better understanding as to which ways the record can be considered an anomaly. To take advantage of the power of visualizations the authors demonstrate an example implementation of the proposed service architecture using a linked visualization dashboard that can be used to compare the outputs.

show abstract

“…NStreamAware [9] leverages timelines with sliding slices and feature selection. L. Franklin et al propose a design for an alerts management system resulting in an inbox metaphor prototype [10], with mail displayed on a timeline. In our proposition the design integrates the concept of timeline with the different teams and escalation process of SOCs.…”

Section: Related Workmentioning

confidence: 99%

Enhancing Collaboration Between Security Analysts in Security Operations Centers

Crémilleux

Bidan

Majorczyk

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Security Operations Centers (SOCs) collect data related to the information systems they protect and process it to detect suspicious activities. In this paper we explain how a SOC is organized, we highlight the current limitations of SOCs and their consequences regarding the performance of the detection service. We propose a new collaboration process to enhance the cooperation between security analysts in order to quickly process security events and define a better workflow that enables them to efficiently exchange feedback. Finally, we design a prototype corresponding to this new model.

show abstract

Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design

Cited by 17 publications

References 27 publications

Scenario-Based Requirements Elicitation for User-Centric Explainable AI

Scenario-Based Requirements Elicitation for User-Centric Explainable AI

A Service Architecture Using Machine Learning to Contextualize Anomaly Detection

Enhancing Collaboration Between Security Analysts in Security Operations Centers

Contact Info

Product

Resources

About