Coordinated Displays to Assist Cyber Defenders

Vieane, Alex; Funke, Gregory; Mancuso, Vincent; Greenlee, Eric; Dye, Gregory; Borghetti, Brett; Miller, Brent; Menke, Lauren; Brown, Rebecca

Coordinated Displays to Assist Cyber Defenders

Active / Technical Report | Accession Number: AD1021940 |

Open PDF

Abstract:

Cyber network analysts must gather evidence from multiple sources and ultimately decide whether or not suspicious activity represents a threat to network security. Information relevant to this task is usually presented in an uncoordinated fashion, meaning analysts must manually correlate data across multiple databases. The current experiment examined whether analyst performance efficiency would be improved by coordinated displays, i.e., displays that automatically link relevant information across databases. We found that coordinated displays nearly doubled performance efficiency, in contrast to the standard uncoordinated displays, and coordinated displays resulted in a modest increase in threat detections. These results demonstrate that the benefits of coordinated displays are significant enough to recommend their inclusion in future cyber defense software.

Author(s):

Vieane, Alex ; Funke, Gregory ; Mancuso, Vincent ; Greenlee, Eric ; Dye, Gregory ; Borghetti, Brett ; Miller, Brent ; Menke, Lauren ; Brown, Rebecca

Author Organization(s):

Colorado State University Fort Collins United States

Descriptive Note:

Conference Paper

Supplementary Note:

Human Factors and Ergonomics Society 2016 Annual Meeting, 19 Sep 2016, 23 Sep 2016,

Pagination:

0006

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Contract/Grant Number(s):

FA8650-14-D-6501-0009

Task Number(s):

08

Project Number(s):

5329

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_7_Protection; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6.4.2_Protect Data and Networks; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_5_Command and Control; JCA_5.5.2_Task; JCA_5.5_Direct; JCA_1.2.7_Experimentation; JCA_8_Building Partnerships; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_8.2_Shape; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

computer network security, cyber defense techniques, intrusion detection systems, network protocols, cyberattacks, malware, Experimental Design, training

Field(s)/Group(s):

Cybernetics

Keyword(s):

Cyber network analysts, cyber defense, coordinated displays

Report Date:

2016 Sep 23

Creation Date:

2017 Dec 01