Collaborative Data Analysis and Discovery for Cyber Security

In this paper, we present the Cyber Analyst Real-Time Integrated Notebook Application (CARINA). CARINA is a collaborative investigation system that aids decision making by co-locating the analysis environment with centralized cyber data sources and by giving next-generation analysts increased visibility into the work of others. In current-generation cyber work, tools limit analysts' ability to collaborate and often rely on individual record keeping, which hinders analysts' ability to reflect on their own work and transition analytic insights to others. While online collaboration technologies have been shown to encourage and facilitate information sharing and group decision making in multiple contexts, no such technology exists today in cyber. Using visualization and annotation, CARINA leverages conversation and ad hoc thought to coordinate decisions across an organization. CARINA incorporates features designed to incentivize positive information-sharing behaviors, and provides a framework for incorporating recommendation engines and other analytics to guide analysts in the discovery of related data or analyses. We present the user research that informed the development of CARINA, discuss the functionality of the system, and outline potential use cases. We also discuss future research trajectories and implications for cyber researchers and practitioners.
