Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visualizing Cyber Security: Usable Workspaces Glenn A. Fink, Christopher L. North, Alex Endert, Stuart Rose.

Published byReynold Stafford Modified over 9 years ago

Similar presentations

Presentation on theme: "Visualizing Cyber Security: Usable Workspaces Glenn A. Fink, Christopher L. North, Alex Endert, Stuart Rose."— Presentation transcript:

1 Visualizing Cyber Security: Usable Workspaces Glenn A. Fink, Christopher L. North, Alex Endert, Stuart Rose

2 What did we do? 2  How can we design visual workspaces that aid Cyber Security?  Monitor networks for intrusions  Analyze network logs, process logs, email logs, etc.  Tons of data?  Lots of windows and tools?

3 Let’s give the user more space ! 3

4 Large, High-Resolution Displays 4 (8) 30-inch high-res LCD Panels 33 Megapixel total resolution (10,240 x 3,200) Projector = ~ 4% of that!!! “Single PC” Architecture Curved for optimal individual use

5 Methods 5 1. Semi-Structured Interviews (8 professional cyber analysts)  Typical tasks and data?  Work style?  E.g., Collaboration? Multi-tasking? Time constraints?  Office setup  What does your finished analysis product contain? 2. User study (4 cyber analysts, VAST09 dataset)  2 sources of data: Building/room access records (Prox) and simulated computer network flows  HINT: making connections between the sources is key!  Tools provided: Excel, Spotfire, Windows XP 3. Feedback from the analysts on our prototypes.

6 Key “Ethnographic” Discoveries 6 1. Data sources reside in separate tools 2. Analysts spend much time doing low-level tasks 3. They distrust visualizations 4. They are on a “Quest for a Query” 5. Cyber data comes in huge volumes and velocities 6. Cyber data comes from many diverse sources 7. Analysts seek direct access to the data 8. Analysts routinely conduct a large number of tasks in parallel (multi-tasking)

7 1. Data Resides in Different Tools 7  Used space for visual path  Rote mechanical process  Analyst: “Tedious!”

8 2. Low-level Tasks 8  Analysts filter out the “normal”  line-by-line  Seek patterns of familiar abnormalities  Previous experience creates personal “hit list”  Analysts observe data individually, not in connection with whole dataset Mandiant Highlighter

9 3. Distrust of Visualizations 9  Analyst: “Visualizations are in the way of the data”  Visualizations:  May be too slow  May hide important, small details  Analysts can only see, not manipulate the data

10 4. Quest for a “Query” 10  “Query” != SQL query  “Query” is the question that finds the answer you have  Cumulative result of interaction with variety of tools  The process of forming this query is key!  Is this process “querifiable”?

11 Guidelines for Usable Workspaces 11  Multi-scale Visualizations  De-Aggregate Vital Information  Support multiple, simultaneous investigation cases  Provide history and traceability for investigations

12 Large, High-Resolution Visualization 12  Visibility of patterns at multiple scales  Provides overview and detail

13 De-Aggregate Vital Information 13  Provides analyst with situational awareness  More upfront information, while maintaining overview  Less “interaction junk”

14 Multiple Simultaneous Cases 14  Shows live data  Real time updating  Analyst can set alerts for monitoring  Enables collaboration by sharing cases

15 History and Traceability 15  “History Trees”: concept providing traceability and history of analyst’s workflow A visualization should be the means for a user to interact and think.

16 Intelligence vs. Cyber Analytics 16 Stegosaurus Scenario (Intelligence Analytics) Cyber Security Scenario (Cyber Analytics) Creating a story about the threat. Product = story Working on task generates process (at times “querifiable”) Product = query Work done in a visual space. (Sensemaking Process) Work done within tools. (Tools to Process the Data) Rely on Visualizations.Rely on Linux Command Line. Un-, semi-, and structured data.Mainly structured data. (packet, etc.) Lots of data.Even more data! Interactions organize the information spatially.Interactions filter the information. Information takes on personalized meaning (not “Excel” window, but “[x] data over here”) Information maintains “version of file” or “Excel window” meaning to analyst Vid

17 Studying User and Tools 17 Ethnographic Study Get to know the user and domain Can be confidential at times Qualitative information Detailed info on particular user and domain/task Takes long time / lots of effort Lab Study Repeatability Ground Truth = measurable Quantitative Easy to report stats Detailed findings about user and tool Short study duration “Controlled”

18 Beyond Usability: 18 Ethnographic Study Get to know the user and domain Can be confidential at times Qualitative information Detailed info on particular user and domain/task Takes long time / lots of effort Lab Study Repeatability Ground Truth = measurable Quantitative Easy to report stats Detailed findings about user and tool Short study duration “Controlled”

19 Beyond Usability: Controlled Ethnography 19 Ethnographic Study Get to know the user and domain Can be confidential at times Qualitative information Detailed info on particular user and domain/task Takes long time / lots of effort Lab Study Repeatability Ground Truth = measurable Quantitative Easy to report stats Detailed findings about user and tool Short study duration “Controlled” Controlled Ethnography Study the tool and how domain experts use it Control and repeatability of Lab Study in context of domain (ethnography)

20 Beyond Usability: Controlled Ethnography 20 Ethnographic Study Get to know the user and domain Can be confidential at times Qualitative information Detailed info on particular user and domain/task Takes long time / lots of effort Lab Study Repeatability Ground Truth = measurable Quantitative Easy to report stats Detailed findings about user and tool Short study duration “Controlled” Controlled Ethnography Study the tool and how domain experts use it Control and repeatability of Lab Study in context of domain (ethnography) Semi-Structured Interviews User Study with VAST Data

21 Let’s give the user more space ! 21

22 Let’s make the space more useful ! 22 History and Traceability Large, High-Resolution Visualizations Multiple, Simultaneous Investigation cases De-Aggregate Vital Information

23 Opportunities for YOU! 23  VTURCS  REU  “Informal” Research  Take your projects to grad research?

24 Opportunities for YOU!, cont’d 24  Chair Interaction  Translating chair rotation to mouse cursor movement

Download ppt "Visualizing Cyber Security: Usable Workspaces Glenn A. Fink, Christopher L. North, Alex Endert, Stuart Rose."

Similar presentations

HP Quality Center Overview.

HP Quality Center Overview.
Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.

Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.
Agile Usability Testing Methods

Agile Usability Testing Methods
Arthur Fink Page 1 Notes on Designing User Interfaces for OpenEdge GUI for.NET Arthur Fink Arthur Fink Consulting www.arthurfink.com © 2008 by Arthur Fink.

Arthur Fink Page 1 Notes on Designing User Interfaces for OpenEdge GUI for.NET Arthur Fink Arthur Fink Consulting © 2008 by Arthur Fink.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.

MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.
Observing users Chapter 12. Observation ● Why? Get information on.. – Context, technology, interaction ● Where? – Controlled environments – In the field.

Observing users Chapter 12. Observation ● Why? Get information on.. – Context, technology, interaction ● Where? – Controlled environments – In the field.
WHAT IS INTERACTION DESIGN?

WHAT IS INTERACTION DESIGN?
Ultra-High Resolution Information Visualization CS 5764 Sarah Peck, Chris North Credits: Beth Yost, Bob Ball, Christopher Andrews, Mike DellaNoce, Candice.

Ultra-High Resolution Information Visualization CS 5764 Sarah Peck, Chris North Credits: Beth Yost, Bob Ball, Christopher Andrews, Mike DellaNoce, Candice.
Arthur Fink Page 1 Thinking about User Interface Design for OpenEdge GUI for.NET (or any other environment) by Arthur Fink www.ArthurFink.Wordpress.com.

Arthur Fink Page 1 Thinking about User Interface Design for OpenEdge GUI for.NET (or any other environment) by Arthur Fink
1 genSpace: Community- Driven Knowledge Sharing for Biological Scientists Gail Kaiser’s Programming Systems Lab Columbia University Computer Science.

1 genSpace: Community- Driven Knowledge Sharing for Biological Scientists Gail Kaiser’s Programming Systems Lab Columbia University Computer Science.
Chapter 14: Usability testing and field studies. Usability Testing Emphasizes the property of being usable Key Components –User Pre-Test –User Test –User.

Chapter 14: Usability testing and field studies. Usability Testing Emphasizes the property of being usable Key Components –User Pre-Test –User Test –User.
Class 6 LBSC 690 Information Technology Human Computer Interaction and Usability.

Class 6 LBSC 690 Information Technology Human Computer Interaction and Usability.
GenSpace: Exploring Social Networking Metaphors for Knowledge Sharing and Scientific Collaborative Work Chris Murphy, Swapneel Sheth, Gail Kaiser, Lauren.

GenSpace: Exploring Social Networking Metaphors for Knowledge Sharing and Scientific Collaborative Work Chris Murphy, Swapneel Sheth, Gail Kaiser, Lauren.
Live Re-orderable Accordion Drawing (LiveRAC) Peter McLachlan, Tamara Munzner Eleftherios Koutsofios, Stephen North AT&T Research Symposium August, 2007.

Live Re-orderable Accordion Drawing (LiveRAC) Peter McLachlan, Tamara Munzner Eleftherios Koutsofios, Stephen North AT&T Research Symposium August, 2007.
Browsing Hierarchical Data with Multi-level Dynamic Queries and Pruning By H. P. Kumar, C. Plaisant & B. Schneidernam Presented by: Dawit Yimam Seid.

Browsing Hierarchical Data with Multi-level Dynamic Queries and Pruning By H. P. Kumar, C. Plaisant & B. Schneidernam Presented by: Dawit Yimam Seid.
Evaluation Methodologies

Evaluation Methodologies
Law Enforcement Resource Allocation (LERA) Visualization System Michael Welsman-Dinelle April Webster.

Law Enforcement Resource Allocation (LERA) Visualization System Michael Welsman-Dinelle April Webster.
Principles and Methods

Principles and Methods
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Similar presentations

Ads by Google