TY - GEN
T1 - An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes
AU - Zhong, Chen
AU - Yen, John
AU - Liu, Peng
AU - Erbacher, Rob
AU - Etoty, Renee
AU - Garneau, Christopher
N1 - Funding Information:
Supported by ARO Grant W911NF-09-1-0525 (MURI).
Publisher Copyright:
© 2015 Association for Computing Machinery.
PY - 2015/4/21
Y1 - 2015/4/21
N2 - As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying the fine-grained analysts' cognitive processes helps researchers gain deep understanding of how they conduct analytical reasoning and elicit their procedure knowledge and experience to further improve their performance. However, it's very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing and a laboratory experiment for collecting traces of analysts' cognitive processes in conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way to avoid distracting analysts from their work and adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specialized in cyber security in our experiment. We mainly employ the qualitative data analysis method to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis turn out to be highly promising.
AB - As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying the fine-grained analysts' cognitive processes helps researchers gain deep understanding of how they conduct analytical reasoning and elicit their procedure knowledge and experience to further improve their performance. However, it's very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing and a laboratory experiment for collecting traces of analysts' cognitive processes in conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way to avoid distracting analysts from their work and adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specialized in cyber security in our experiment. We mainly employ the qualitative data analysis method to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis turn out to be highly promising.
UR - http://www.scopus.com/inward/record.url?scp=84986612839&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84986612839&partnerID=8YFLogxK
U2 - 10.1145/2746194.2746203
DO - 10.1145/2746194.2746203
M3 - Conference contribution
AN - SCOPUS:84986612839
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
PB - Association for Computing Machinery
T2 - Symposium and Bootcamp on the Science of Security, HotSoS 2015
Y2 - 21 April 2015 through 22 April 2015
ER -