An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes

Chen Zhong, John Yen, Peng Liu, Rob Erbacher, Renee Etoty, Christopher Garneau

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying the fine-grained analysts' cognitive processes helps researchers gain deep understanding of how they conduct analytical reasoning and elicit their procedure knowledge and experience to further improve their performance. However, it's very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing and a laboratory experiment for collecting traces of analysts' cognitive processes in conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way to avoiding distracting analysts from their work and adding much extra work load. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specialized in cyber security in our experiment. We mainly employ the qualitative data analysis method to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis turn out highly promising.

Original languageEnglish (US)
Title of host publicationProceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450333764
DOIs
StatePublished - Apr 21 2015
EventSymposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015Apr 22 2015

Publication series

NameACM International Conference Proceeding Series
Volume21-22-April-2015

Other

OtherSymposium and Bootcamp on the Science of Security, HotSoS 2015
Country/TerritoryUnited States
CityUrbana
Period4/21/154/22/15

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes'. Together they form a unique fingerprint.

Cite this