Secure Decisions to Evaluate Effectiveness of Visualizations for Cyber Defense
Northport, NY — November 28, 2016 — Secure Decisions, the cyber security division of Applied Visions, Inc. and a recognized leader in applying visualization techniques to overcome cyber challenges, has been selected by the Air Force Research Lab (AFRL) for a Phase II Small Business Innovation Research (SBIR) contract to transform cyber data into human-centered visualizations. The goal of Secure Decisions’ WhyViz project is to find innovative ways to transform and visualize cyber data that support cyber defenders’ cognitive needs to perform specific cyber defense activities and then evaluate the effectiveness of those visualizations to enhance their performance.
Cyber security has historically been viewed primarily as a technical problem. The sheer speed of cyber attacks has caused most R&D efforts to focus on automating attack detection and response. However, human cyber operators continue to perform many cognitively intense activities, such as discovering incidents that don’t fit automated attack detection profiles, determining whether alerts are true or false positives, and assessing the operational impact of a cyber incident, all while working in a severely time-constrained work environment.
Organizations are seeking visualizations of cyber data to make cyber operators’ interpretation of it faster and more immediately actionable. Effective visualization of cyber data has many inherent challenges, however. There are a variety of roles in cyber defense — such as incident handler, vulnerability analyst, and forensic analyst — and each role has its own objectives, activities, and decisions. These roles and tasks vary greatly between organizations. Laurin Buchanan, Principal Investigator for WhyViz, noted, “Visualizations that may be effective for assessing trends in historical cyber data may not be effective in supporting an operator’s rapid assessment of suspicious activity to throw out false positives.” To date, no standard framework exists for evaluating cyber visualization effectiveness, and there are few scientific studies published on the effects of visualizations on actual cyber operator performance. The WhyViz project seeks to change this.
Under a 27-month Phase II initiative begun in August 2016, WhyViz will build upon the work completed in Phase I — determining which decisions were made by cyber incident handlers, and designing an experiment to determine the efficacy of visualizations in making those decisions. In Phase II, the WhyViz team (a multi-disciplinary group including cyber practitioners with hands-on experience in cyber defense, computer scientists, human factors and cognitive psychologists, and visual designers) will develop visualizations and software to execute the formal experiment.
The goal of the formal experiment is to measure the effects that visualizations have on cyber defenders’ cognitive task performance, and to comparatively evaluate how different types of visualizations influence their performance during the early stages of the cyber incident handling process. The WhyViz team will seek experiment participants who are current or recent cyber defenders with hands-on experience in the incident handling process from both the Department of Defense and the commercial sector, as well as college students who have participated in cyber competitions, such as the National Collegiate Cyber Defense Competition.
The WhyViz experiment will be hosted in the cloud, allowing participants to connect to the online experiment from anywhere and at a time that is convenient to them, rather than requiring in-person participation. Cloud-based research will help secure the participation of a more diverse group, including more experienced practitioners. Ms. Buchanan stated, “With experiment participation from both established professionals and novices, WhyViz may be able to answer another important question: are the same visualizations equally effective for both novices and professionals?”
This material is based on work funded by United States Air Force Research Laboratory under Contract No. FA8650-16-C-6711 with Secure Decisions. The material has been approved for public release and unlimited distribution.
About Secure Decisions:
Secure Decisions was created as a division of Applied Visions, Inc. to conduct R&D and develop innovative technologies in cyber security including network defense, infrastructure protection, application security, intelligence analysis, and data visualization. Secure Decisions develops tools for decision-makers to analyze large amounts of complex data, and to provide cutting-edge security measures to protect their proprietary information. Many of their products were developed under contract from federal and state governments or governmental agencies, including the Department of Homeland Security and DARPA. In 2015, Secure Decisions’ application security R&D led to the development of a new application vulnerability correlation and management system, which is now commercially available through a spin-out company called Code Dx, Inc.
DISTRIBUTION STATEMENT A. Approved for public release: distribution is unlimited. 88ABW Cleared 02/08/2017; 88ABW-2017-0518.