RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis

Chen Zhong; Deepak Samuel; John Yen; Peng Liu; Robert Erbacher; Steve Hutchinson; Renee Etoty; Hasan Cam; William Glodek

doi:10.1109/CogSIMA.2014.6816567

RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis

Chen Zhong, Deepak Samuel, John Yen, Peng Liu, Robert Erbacher, Steve Hutchinson, Renee Etoty, Hasan Cam, William Glodek

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

In cyber analysis, it is highly desirable to support the analysis of junior analysts by leveraging the experiences of experts. But, there are two major challenges to achieve this goal. First, it is very costly to capture the experience of experts for the complex task of cyber analysis using traditional approaches such as protocol analysis. Second, it is difficult to identify previous experiences of experts that are relevant to the dynamic context of an analyst's cyber analysis task. To address the first challenge, a system has been developed to capture non-intrusively the analytical reasoning processes of analysts. To tackle the second challenge, this paper presents an effective and efficient approach for retrieving relevant experiences based on the dynamically changing context of cyber analysis. We define an experience as a process of analytical reasoning and adopt an Action-Observation-Hypothesis (A-O-H) model to represent the processes in cyber analysis. Based on this model, a tool for capturing and supporting the analytical reasoning processes is shown to be able to support the elusive cognitive process in dynamic cyber situations. The experience retrieval approach of this paper supports the efficient experience retrieval, and dynamically updates the results as the context of analysis evolves. The experience retrieval approach is evaluated, based on the precision and recall with respect to the ground truth. The evaluation results suggest that the proposed approach supports significantly the analytical reasoning of analysts by leveraging the experiences of experts.

Original language	English (US)
Title of host publication	2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014
Publisher	IEEE Computer Society
Pages	230-236
Number of pages	7
ISBN (Print)	9781479935642
DOIs	https://doi.org/10.1109/CogSIMA.2014.6816567
State	Published - 2014
Event	2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014 - San Antonio, TX, United States Duration: Mar 3 2014 → Mar 6 2014

Publication series

Name	2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014

Other

Other	2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014
Country/Territory	United States
City	San Antonio, TX
Period	3/3/14 → 3/6/14

All Science Journal Classification (ASJC) codes

Software

Access to Document

10.1109/CogSIMA.2014.6816567

Cite this

Zhong, C., Samuel, D., Yen, J., Liu, P., Erbacher, R., Hutchinson, S., Etoty, R., Cam, H., & Glodek, W. (2014). RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis. In 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014 (pp. 230-236). Article 6816567 (2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014). IEEE Computer Society. https://doi.org/10.1109/CogSIMA.2014.6816567

Zhong, Chen ; Samuel, Deepak ; Yen, John et al. / RankAOH : Context-driven similarity-based retrieval of experiences in cyber analysis. 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014. IEEE Computer Society, 2014. pp. 230-236 (2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014).

@inproceedings{c603eed6dbf4446d90b3dbb2c6acc0f2,

title = "RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis",

abstract = "In cyber analysis, it is highly desirable to support the analysis of junior analysts by leveraging the experiences of experts. But, there are two major challenges to achieve this goal. First, it is very costly to capture the experience of experts for the complex task of cyber analysis using traditional approaches such as protocol analysis. Second, it is difficult to identify previous experiences of experts that are relevant to the dynamic context of an analyst's cyber analysis task. To address the first challenge, a system has been developed to capture non-intrusively the analytical reasoning processes of analysts. To tackle the second challenge, this paper presents an effective and efficient approach for retrieving relevant experiences based on the dynamically changing context of cyber analysis. We define an experience as a process of analytical reasoning and adopt an Action-Observation-Hypothesis (A-O-H) model to represent the processes in cyber analysis. Based on this model, a tool for capturing and supporting the analytical reasoning processes is shown to be able to support the elusive cognitive process in dynamic cyber situations. The experience retrieval approach of this paper supports the efficient experience retrieval, and dynamically updates the results as the context of analysis evolves. The experience retrieval approach is evaluated, based on the precision and recall with respect to the ground truth. The evaluation results suggest that the proposed approach supports significantly the analytical reasoning of analysts by leveraging the experiences of experts.",

author = "Chen Zhong and Deepak Samuel and John Yen and Peng Liu and Robert Erbacher and Steve Hutchinson and Renee Etoty and Hasan Cam and William Glodek",

year = "2014",

doi = "10.1109/CogSIMA.2014.6816567",

language = "English (US)",

isbn = "9781479935642",

series = "2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014",

publisher = "IEEE Computer Society",

pages = "230--236",

booktitle = "2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014",

address = "United States",

note = "2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014 ; Conference date: 03-03-2014 Through 06-03-2014",

}

Zhong, C, Samuel, D, Yen, J , Liu, P, Erbacher, R, Hutchinson, S, Etoty, R, Cam, H & Glodek, W 2014, RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis. in 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014., 6816567, 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014, IEEE Computer Society, pp. 230-236, 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014, San Antonio, TX, United States, 3/3/14. https://doi.org/10.1109/CogSIMA.2014.6816567

RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis. / Zhong, Chen; Samuel, Deepak; Yen, John et al.
2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014. IEEE Computer Society, 2014. p. 230-236 6816567 (2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - RankAOH

T2 - 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014

AU - Zhong, Chen

AU - Samuel, Deepak

AU - Yen, John

AU - Liu, Peng

AU - Erbacher, Robert

AU - Hutchinson, Steve

AU - Etoty, Renee

AU - Cam, Hasan

AU - Glodek, William

PY - 2014

Y1 - 2014

N2 - In cyber analysis, it is highly desirable to support the analysis of junior analysts by leveraging the experiences of experts. But, there are two major challenges to achieve this goal. First, it is very costly to capture the experience of experts for the complex task of cyber analysis using traditional approaches such as protocol analysis. Second, it is difficult to identify previous experiences of experts that are relevant to the dynamic context of an analyst's cyber analysis task. To address the first challenge, a system has been developed to capture non-intrusively the analytical reasoning processes of analysts. To tackle the second challenge, this paper presents an effective and efficient approach for retrieving relevant experiences based on the dynamically changing context of cyber analysis. We define an experience as a process of analytical reasoning and adopt an Action-Observation-Hypothesis (A-O-H) model to represent the processes in cyber analysis. Based on this model, a tool for capturing and supporting the analytical reasoning processes is shown to be able to support the elusive cognitive process in dynamic cyber situations. The experience retrieval approach of this paper supports the efficient experience retrieval, and dynamically updates the results as the context of analysis evolves. The experience retrieval approach is evaluated, based on the precision and recall with respect to the ground truth. The evaluation results suggest that the proposed approach supports significantly the analytical reasoning of analysts by leveraging the experiences of experts.

AB - In cyber analysis, it is highly desirable to support the analysis of junior analysts by leveraging the experiences of experts. But, there are two major challenges to achieve this goal. First, it is very costly to capture the experience of experts for the complex task of cyber analysis using traditional approaches such as protocol analysis. Second, it is difficult to identify previous experiences of experts that are relevant to the dynamic context of an analyst's cyber analysis task. To address the first challenge, a system has been developed to capture non-intrusively the analytical reasoning processes of analysts. To tackle the second challenge, this paper presents an effective and efficient approach for retrieving relevant experiences based on the dynamically changing context of cyber analysis. We define an experience as a process of analytical reasoning and adopt an Action-Observation-Hypothesis (A-O-H) model to represent the processes in cyber analysis. Based on this model, a tool for capturing and supporting the analytical reasoning processes is shown to be able to support the elusive cognitive process in dynamic cyber situations. The experience retrieval approach of this paper supports the efficient experience retrieval, and dynamically updates the results as the context of analysis evolves. The experience retrieval approach is evaluated, based on the precision and recall with respect to the ground truth. The evaluation results suggest that the proposed approach supports significantly the analytical reasoning of analysts by leveraging the experiences of experts.

UR - http://www.scopus.com/inward/record.url?scp=84902096381&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84902096381&partnerID=8YFLogxK

U2 - 10.1109/CogSIMA.2014.6816567

DO - 10.1109/CogSIMA.2014.6816567

M3 - Conference contribution

AN - SCOPUS:84902096381

SN - 9781479935642

T3 - 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014

SP - 230

EP - 236

BT - 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014

PB - IEEE Computer Society

Y2 - 3 March 2014 through 6 March 2014

ER -

Zhong C, Samuel D, Yen J , Liu P, Erbacher R, Hutchinson S et al. RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis. In 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014. IEEE Computer Society. 2014. p. 230-236. 6816567. (2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2014). doi: 10.1109/CogSIMA.2014.6816567

RankAOH: Context-driven similarity-based retrieval of experiences in cyber analysis

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this