TY - GEN
T1 - How to use experience in cyber analysis
T2 - 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013
AU - Zhong, Chen
AU - Kirubakaran, Deepak S.
AU - Yen, John
AU - Liu, Peng
AU - Hutchinson, Steve
AU - Cam, Hasan
PY - 2013/9/9
Y1 - 2013/9/9
N2 - Cyber analysis is a difficult task for analysts due to huge amounts of noise-abundant monitoring data and increasing complexity of the reasoning tasks. Therefore, experience from experts can provide guidance for analysts' analytical reasoning and contribute to training. Despite its great potential benefits, experience has not been effectively leveraged in the existing reasoning support systems due to the difficulty of elicitation and reuse. To fill the gap, we propose an experience-aided reasoning support system which can automatically capture experts' experi-ence and subsequently guide the novices' reasoning in a step-by-step manner. Drawing on cognitive theory, we model experience as a reasoning process involving 'actions', 'observations', and 'hypotheses'. Computability and adaptability are the compar-ative advantages of this model: the 'hypotheses' capture analysts' internal mental reasoning as a black box, while the 'actions' and 'observations' formally representing the external context and analysts' evidence exploration activities. This paper demonstrates how this system, built on this experience model, can capture and utilize experience effectively.
AB - Cyber analysis is a difficult task for analysts due to huge amounts of noise-abundant monitoring data and increasing complexity of the reasoning tasks. Therefore, experience from experts can provide guidance for analysts' analytical reasoning and contribute to training. Despite its great potential benefits, experience has not been effectively leveraged in the existing reasoning support systems due to the difficulty of elicitation and reuse. To fill the gap, we propose an experience-aided reasoning support system which can automatically capture experts' experi-ence and subsequently guide the novices' reasoning in a step-by-step manner. Drawing on cognitive theory, we model experience as a reasoning process involving 'actions', 'observations', and 'hypotheses'. Computability and adaptability are the compar-ative advantages of this model: the 'hypotheses' capture analysts' internal mental reasoning as a black box, while the 'actions' and 'observations' formally representing the external context and analysts' evidence exploration activities. This paper demonstrates how this system, built on this experience model, can capture and utilize experience effectively.
UR - http://www.scopus.com/inward/record.url?scp=84883431548&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883431548&partnerID=8YFLogxK
U2 - 10.1109/ISI.2013.6578832
DO - 10.1109/ISI.2013.6578832
M3 - Conference contribution
AN - SCOPUS:84883431548
SN - 9781467362115
T3 - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics
SP - 263
EP - 265
BT - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics
Y2 - 4 June 2013 through 7 June 2013
ER -