Adapting level of detail in user interfaces for Cybersecurity operations

As cybersecurity threats increasingly appear in news headlines, the security industry continues to build state-of-the-art firewall and intrusion detection systems for monitoring activity in complex cyber networks. These systems generate millions of log files and continuous alerts. To make sense of cyber data, cybersecurity and system administrators review and analyze millions of logs using highly summarized views and manual cycles of click-intensive details-on-demand. This is laborious, induces cognitive overload, and is prone to errors, with the result that important information and impacts are not seen when most needed. Our research focuses on developing “FocalPoint”, a system that provides Adaptive Level of Detail (LOD) in user interfaces for cybersecurity operations. FocalPoint is a recommender system tailored for complex network information structures that reasons about contextual information associated with the network, user tasks, and cognitive load. This facilitates tuning cyber visualization displays, thereby improving user performance in perception, comprehension and projection of current Cybersecurity Situational Awareness (Cyber SA). For cyber analysts, having the right information, in context, when most needed and without cognitive overload could lead to effective decision making in cyber operations. We provide a use case scenario for FocalPoint with an in-progress prototype and highlight various challenges and potential considerations for building an effective adaptive system.
