Coordinated Displays to Assist Cyber Defenders

Abstract

Cyber network analysts must gather evidence from multiple sources and ultimately decide whether or not suspicious activity represents a threat to network security. Information relevant to this task is usually presented in an uncoordinated fashion, meaning analysts must manually correlate data across multiple databases. The current experiment examined whether analyst performance efficiency would be improved by coordinated displays, i.e., displays that automatically link relevant information across databases. We found that coordinated displays nearly doubled performance efficiency, in contrast to the standard uncoordinated displays, and coordinated displays resulted in a modest increase in threat detections. These results demonstrate that the benefits of coordinated displays are significant enough to recommend their inclusion in future cyber defense software.

Document Details

Document Type: Technical Report
Publication Date: Sep 23, 2016
Accession Number: AD1021940

Entities

People

  • Alex Vieane
  • Brent Miller
  • Brett J. Borghetti
  • Eric Greenlee
  • Gregory Dye
  • Gregory Funke
  • Lauren Menke
  • Rebecca S Brown
  • Vincent Mancuso

Organizations

  • Colorado State University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Air Force
  • Computer Network Security
  • Computer Networks
  • Computer Programs
  • Cyber Defense Techniques
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Data Analysis
  • Detection
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Malware
  • Network Protocols
  • Psychology
  • Training

Readers

  • Computer Vision
  • Cybersecurity
  • Economics

Technology Areas

  • Cyber