WhyViz – Transforming Cyber data into Human-Centered Visualizations

The goal of WhyViz is to conduct a study of the effectiveness of visualizations on cyber operator performance during the early stages of incident handling, which require defense analysts to review an endless alert queue of cyber event data to identify, record, and report suspicious behavior or cyber events of interest. Most cyber security visualizations are currently used for historical analyses. As part of the WhyViz project, however, Secure Decisions will develop visualizations to support the real-time, in situ processing that cyber operators actually perform, to facilitate event detection and preliminary event analysis.

In Phase I of this Small Business Innovation Research (SBIR) project, we applied knowledge elicitation (KE) methods to define specific examples of cognitive work in the early stages of incident handling that could be enhanced (made faster, more accurate, more complete) through the cyber operator's use of visualizations. This cognitive work took the form of the operator seeking to answer specific analytic questions using the available data, in a severely time-constrained work environment. A KE with domain practitioners revealed that cyber operators regularly ask fundamental analytical questions that cut across specific tasks and roles. Our research identified the type of information operators need to answer these questions, the visualization concepts that represent that information in a visual form that can be rapidly comprehended and acted on, and methods to transform raw cyber sensor data into a form that can be used to populate the visualizations.

In Phase II of the project (in progress), we are conducting an experiment to objectively evaluate the effects of these visualizations on cyber defense analyst performance. We are actively seeking candidates to participate in the experiment.

Contract No: FA8650-16-C-6711
DISTRIBUTION STATEMENT A.  Approved for public release:  distribution is unlimited.  88ABW Cleared 02/08/2017; 88ABW-2017-0518.

Cyber Defenders and Incident Responders

We need your expertise

We are conducting an experiment, funded by the United States Air Force Research Laboratory, to objectively evaluate the effectiveness of visualizations in enhancing the performance of cyber defenders.

Who is eligible

  • Cyber defenders with at least 3 years of real-world experience
  • College students who compete in cyber competitions
  • Participants must be at least 18 years old

Still interested? Read on below.

What you will do

Participants will be asked to use visualizations of data associated with potential cyber incidents and answer a series of questions. You will be asked to provide your feedback on the visualizations presented.

The experiment and training will be conducted online beginning in October 2017; no travel is necessary. Your total time commitment is expected to be approximately 2 hours.

We are measuring the value of the visualizations, not your skills. All information about the experiment participants will remain confidential. The data collected during the experiment, along with your feedback, will be aggregated to assess and evaluate the impact of the visualizations on the process.

Why you should do this

Your skills can help advance research into the use of visualizations for cyber defense. The expertise you have acquired through training and application is essential to understanding the visualizations, and your feedback is vital.

All we ask is your time, your expertise, and your opinion; there is no cost to participate.

If you are interested in participating, or would like more information, email us at whyviz@securedecisions.com.