Toward a Visualization-Supported Workflow for Cyber Alert Management Using Threat Models and Human-Centered Design

机译：使用威胁模型和以人为本的设计，迈向网络警报管理的可视化支持的工作流程

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cyber network analysts follow complex processes in their investigations of potential threats to their network. Much research is dedicated to providing automated decision support in the effort to make their tasks more efficient, accurate, and timely. Support tools come in a variety of implementations from machine learning algorithms that monitor streams of data to visual analytic environments for exploring rich and noisy data sets. Cyber analysts, however, need tools which help them merge the data they already have and help them establish appropriate baselines against which to compare anomalies. Furthermore, existing threat models that cyber analysts regularly use to structure their investigation are not often leveraged in support tools. We report on our work with cyber analysts to understand the analytic process and how one such model, the MITRE ATT&CK Matrix [42], is used to structure their analytic thinking. We present our efforts to map specific data needed by analysts into this threat model to inform our visualization designs. We leverage this expert knowledge elicitation to identify a capability gaps that might be filled with visual analytic tools. We propose a prototype visual analytic-supported alert management workflow to aid cyber analysts working with threat models.

机译：网络网络分析师遵循复杂的流程，调查对其网络的潜在威胁。很多研究致力于提供自动化决策支持，以使其任务更高效，准确，及时。支持工具来自机器学习算法的各种实现，将数据流监控到视觉分析环境中，以探索丰富和嘈杂的数据集。然而，网络分析师需要帮助他们合并他们已经拥有的数据的工具，并帮助他们建立适当的基线来比较异常。此外，网络分析师定期使用其调查的现有威胁模型通常不会在支持工具中利用。我们对我们的网络分析师报告工作，了解分析过程，以及如何这样的一个模型，斜切ATT＆CK矩阵[42]，用于构建自己的分析性思维。我们介绍了努力将分析师所需的特定数据映射到这种威胁模型中，以通知我们的可视化设计。我们利用这一专家知识引出来识别可能填充视觉分析工具的能力差距。我们提出了一个原型视觉分析支持的警报管理工作流程，以帮助网络分析师使用威胁模型。

著录项

来源
《IEEE Symposium on Visualization for Cyber Security》|2017年|72p|共8页
会议地点
作者
Lyndsey Franklin; Meg Pirrung; Leslie Blaha; Michelle Dowling; Mi Feng;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP393.08-53;
关键词

相似文献

外文文献
中文文献
专利

1. Surgical workflow management schemata for cataract procedures. process model-based design and validation of workflow schemata. [J] . T Neumuth, P Liebmann, P Wiedemann, Methods of information in medicine . 2012,第5期

机译：白内障手术的外科手术流程管理方案。基于流程模型的设计和工作流方案的验证。
2. Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects [J] . Jay Payette, Esther Anegbe, Erika Caceres, Technology Innovation Management Review . 2015,第6期

机译：通过设计确保安全：关键基础设施项目的项目管理成熟度模型的网络安全扩展
3. Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects [J] . Jay Payette, Esther Anegbe, Erika Caceres, Technology Innovation Management Review . 2015,第6期

机译：通过设计确保安全：关键基础设施项目的项目管理成熟度模型的网络安全扩展
4. Toward a Visualization-Supported Workflow for Cyber Alert Management Using Threat Models and Human-Centered Design [C] . Lyndsey Franklin, Meg Pirrung, Leslie Blaha, IEEE Symposium on Visualization for Cyber Security . 2017

机译：使用威胁模型和以人为本的设计，迈向网络警报管理的可视化支持的工作流程
5. Human-Centered Design of Health Information Technology for Workflow Integration [D] . Salwei, Megan Elizabeth. 2020

机译：用于工作流集成的人以人为本的健康信息技术设计
6. Human-centered design of a personal health record system for metabolic syndrome management based on the ISO 9241-210:2010 standard [O] . Charic D Farinango, Juan S Benavides, Jesús D Cerón, 2018

机译：基于ISO 9241-210：2010标准的以人为本的代谢综合征管理个人健康记录系统设计
7. Application of Artificial Intelligence in User Interfaces Design for Cyber Security Threat Modeling [O] . Jide Ebenezer Taiwo Akinsola, Samuel Akinseinde, Olamide Kalesanwo, 2021

机译：人工智能在网络安全威胁建模中的用户界面设计中的应用

Toward a Visualization-Supported Workflow for Cyber Alert Management Using Threat Models and Human-Centered Design

摘要

著录项

相似文献

相关主题

期刊订阅