Evaluation of the Presentation of Network Data via Visualization Tools for Network Analysts

Abstract

In response to the chaotic nature of network traffic, which makes it very difficult to differentiate normal from malicious traffic, we have designed a user study that tests the effectiveness and usefulness of tabular versus graphical displays of such data. The U.S. Army Research Laboratory's (ARL) in-house defense service providers are expert subjects, who undergo a simplified version of their computer network defense (CND) analyst tasks. We use their performance to acquire initial insights into their interpretation of display components, cognitive processes, and contextual knowledge. We quantitatively compare tabular versus graphical displays and compare their feedback with that of students, who serve as primary test subjects for developing visual displays for network monitoring. In this study, all participants act as analysts; their job is to identify evidence of compromise within a dataset of intrusion attempts on the fabricated network visually provided. We observe the participants' responses to the pattern matching activity created by interacting with the visual displays. The design variables are the distinct graphical layouts: tabular, parallel coordinates, and node-link. The response variables are true positive and false positive rates of event identification, the time required for event identification, and the qualitative questionnaire. Results help us better understand which of the visual layouts is most effective and useful for predicting cyber attacks.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2014
Accession Number
ADA601647

Entities

People

  • Christopher Garneau
  • Renee E. Etoty
  • Robert F. Erbacher

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Cognition
  • Computational Science
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Data Analysis
  • Detection
  • Information Science
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Network Science
  • Operating Systems
  • Situational Awareness

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Instructional Design and Training Evaluation

Technology Areas

  • Cyber