Enhancing cyber situation awareness for Non-Expert Users using visual analytics

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be understood in an organisational cybersecurity context, there is a strong case to be made for effective cybersecurity situation awareness that is tailored to the needs of the Non-Expert User (NEU). Our online usage habits are rapidly evolving with smartphones and tablets being widely used to access resources online. In order for NEUs to remain safe online, there is a need to enhance awareness and understanding of cybersecurity concerns, such as how devices may be acting online, and what data is being shared between devices. In this paper, we explore the notion of personal situation awareness for NEUs. We conduct a small-scale study to understand how NEUs perceive cybersecurity. We also propose how visual analytics could be used to help encourage NEUs to actively monitor and observe their activity for greater online awareness. The guidance developed through the course of this work can help practitioners develop tools that could help NEUs better understand their online actions, with the aim to result in safer experiences when acting online.

[1]  Jarke J. van Wijk,et al.  SNAPS: Semantic network traffic analysis through projection and selection , 2015, 2015 IEEE Symposium on Visualization for Cyber Security (VizSec).

[2]  Tomasz Bednarz,et al.  Affective and Effective Visualisation: Communicating Science to Non-expert Users , 2014, 2014 IEEE Pacific Visualization Symposium.

[3]  Chris North,et al.  Home-centric visualization of network traffic for security administration , 2004, VizSEC/DMSEC '04.

[4]  Liam M. Mayron,et al.  Cognitive cyber situational awareness using virtual worlds , 2011, 2011 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA).

[5]  Tran Khanh Dang,et al.  A survey on security visualization techniques for web information systems , 2013, Int. J. Web Inf. Syst..

[6]  Raheem A. Beyah,et al.  A Visualization Framework for Self-Monitoring of Web-Based Information Disclosure , 2008, 2008 IEEE International Conference on Communications.

[7]  David R. Karger,et al.  Eyebrowse: real-time web activity sharing and visualization , 2010, CHI Extended Abstracts.

[8]  Raffael Marty,et al.  Applied Security Visualization , 2008 .

[9]  John T. Stasko,et al.  Personalized Peripheral Information Awareness Through Information Art , 2004, UbiComp.

[10]  Philip A. Legg,et al.  Visualizing the insider threat: challenges and tools for identifying malicious user activity , 2015, 2015 IEEE Symposium on Visualization for Cyber Security (VizSec).

[11]  Johanna Fulda Interactive Non-Expert Information Visualizations and their Evaluation Beyond Time and Error , 2014 .

[12]  Todd Miller InfoCanvas: A Highly Personalized, Elegant Awareness Display , 2003 .

[13]  John T. Stasko,et al.  Casual Information Visualization: Depictions of Data in Everyday Life , 2007, IEEE Transactions on Visualization and Computer Graphics.

[14]  Dino Schweitzer,et al.  Using visualization to teach security , 2009 .

[15]  Ali A. Ghorbani,et al.  A Survey of Visualization Systems for Network Security , 2012, IEEE Transactions on Visualization and Computer Graphics.

[16]  Jonathan C. Roberts,et al.  Contextual network navigation to provide situational awareness for network administrators , 2015, 2015 IEEE Symposium on Visualization for Cyber Security (VizSec).

[17]  Greg Conti Security data visualization , 2007 .

[18]  M. Sheelagh T. Carpendale,et al.  Personal Visualization and Personal Visual Analytics , 2015, IEEE Transactions on Visualization and Computer Graphics.

[19]  Arnaud Legout,et al.  Meddle: Enabling Transparency and Control for Mobile Internet Traffic , 2015 .