Dustin L. Arendt, Lyndsey R. Franklin, Fumeng Yang, Brooke R. Brisbois, Ryan R. LaMothe
{"title":"Crush Your Data with ViC2ES Then CHISSL Away","authors":"Dustin L. Arendt, Lyndsey R. Franklin, Fumeng Yang, Brooke R. Brisbois, Ryan R. LaMothe","doi":"10.1109/VIZSEC.2018.8709212","DOIUrl":null,"url":null,"abstract":"Insider Threat Detection is one of the greatest challenges for organizational cybersecurity [2]. In this paper, we designed and evaluated visually compressed cyber event sequence (ViC2ES) to assist analysts with building mental models about user activity for Insider Threat Detection. Our visualizations, which show user activity on a daily level, are purpose-built to be embedded in our in-house active learning tool called \"CHISSL.\" [3], [4] We explored different visual compression techniques with binning or run length encoding, resulting in four unique designs built upon the same icon array presentation. We evaluated these four designs for both low-level and high-level tasks in two experiments: in Experiment I, participants performed perceptual tasks such as selecting the most and least similar activities for each of the designs; in Experiment II, participants used one of the designs in CHISSL for eleven reasoning tasks. The results suggest that participants preferred the high level of aggregation, but made the fewest errors with the low level of aggregation; they were able to interact with CHISSL and accomplish the tasks using both designs. We believe our aggregated designs are effective regarding both task performance and screen space; the high and low levels of aggregation designs are valid for user activity modeling.","PeriodicalId":412565,"journal":{"name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VIZSEC.2018.8709212","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Insider Threat Detection is one of the greatest challenges for organizational cybersecurity [2]. In this paper, we designed and evaluated visually compressed cyber event sequence (ViC2ES) to assist analysts with building mental models about user activity for Insider Threat Detection. Our visualizations, which show user activity on a daily level, are purpose-built to be embedded in our in-house active learning tool called "CHISSL." [3], [4] We explored different visual compression techniques with binning or run length encoding, resulting in four unique designs built upon the same icon array presentation. We evaluated these four designs for both low-level and high-level tasks in two experiments: in Experiment I, participants performed perceptual tasks such as selecting the most and least similar activities for each of the designs; in Experiment II, participants used one of the designs in CHISSL for eleven reasoning tasks. The results suggest that participants preferred the high level of aggregation, but made the fewest errors with the low level of aggregation; they were able to interact with CHISSL and accomplish the tasks using both designs. We believe our aggregated designs are effective regarding both task performance and screen space; the high and low levels of aggregation designs are valid for user activity modeling.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
