An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes

Chen Zhong, John Yen, Peng Liu, Rob Erbacher, Renee Etoty, Christopher Garneau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying analysts' fine-grained cognitive processes helps researchers gain a deep understanding of how they conduct analytical reasoning, and elicits their procedural knowledge and experience so that their performance can be further improved. However, it is very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing, and a laboratory experiment for collecting traces of analysts' cognitive processes while conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way, so as to avoid distracting analysts from their work or adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specializing in cyber security for our experiment. We mainly employ qualitative data analysis methods to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis are highly promising.

Original language: English (US)
Title of host publication: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450333764
DOIs: https://doi.org/10.1145/2746194.2746203
State: Published - Apr 21 2015
Event: Symposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015 → Apr 22 2015

Publication series

Name: ACM International Conference Proceeding Series
Volume: 21-22-April-2015

Other

Other: Symposium and Bootcamp on the Science of Security, HotSoS 2015
Country: United States
City: Urbana
Period: 4/21/15 → 4/22/15

Fingerprint

Trace analysis
Experiments
Students
Uncertainty

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Zhong, C., Yen, J., Liu, P., Erbacher, R., Etoty, R., & Garneau, C. (2015). An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015 [2746203] (ACM International Conference Proceeding Series; Vol. 21-22-April-2015). Association for Computing Machinery. https://doi.org/10.1145/2746194.2746203
Zhong, Chen ; Yen, John ; Liu, Peng ; Erbacher, Rob ; Etoty, Renee ; Garneau, Christopher. / An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery, 2015. (ACM International Conference Proceeding Series).
@inproceedings{17cf0f98f7cf412b82c8b7cd351729d9,
title = "An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes",
abstract = "As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying analysts' fine-grained cognitive processes helps researchers gain a deep understanding of how they conduct analytical reasoning, and elicits their procedural knowledge and experience so that their performance can be further improved. However, it is very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing, and a laboratory experiment for collecting traces of analysts' cognitive processes while conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way, so as to avoid distracting analysts from their work or adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specializing in cyber security for our experiment. We mainly employ qualitative data analysis methods to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis are highly promising.",
author = "Chen Zhong and John Yen and Peng Liu and Rob Erbacher and Renee Etoty and Christopher Garneau",
year = "2015",
month = "4",
day = "21",
doi = "10.1145/2746194.2746203",
language = "English (US)",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
booktitle = "Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015",

}

Zhong, C, Yen, J, Liu, P, Erbacher, R, Etoty, R & Garneau, C 2015, An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. in Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015., 2746203, ACM International Conference Proceeding Series, vol. 21-22-April-2015, Association for Computing Machinery, Symposium and Bootcamp on the Science of Security, HotSoS 2015, Urbana, United States, 4/21/15. https://doi.org/10.1145/2746194.2746203

An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. / Zhong, Chen; Yen, John; Liu, Peng; Erbacher, Rob; Etoty, Renee; Garneau, Christopher.

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery, 2015. 2746203 (ACM International Conference Proceeding Series; Vol. 21-22-April-2015).

TY - GEN

T1 - An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes

AU - Zhong, Chen

AU - Yen, John

AU - Liu, Peng

AU - Erbacher, Rob

AU - Etoty, Renee

AU - Garneau, Christopher

PY - 2015/4/21

Y1 - 2015/4/21

N2 - As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying analysts' fine-grained cognitive processes helps researchers gain a deep understanding of how they conduct analytical reasoning, and elicits their procedural knowledge and experience so that their performance can be further improved. However, it is very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing, and a laboratory experiment for collecting traces of analysts' cognitive processes while conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way, so as to avoid distracting analysts from their work or adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specializing in cyber security for our experiment. We mainly employ qualitative data analysis methods to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis are highly promising.

AB - As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying analysts' fine-grained cognitive processes helps researchers gain a deep understanding of how they conduct analytical reasoning, and elicits their procedural knowledge and experience so that their performance can be further improved. However, it is very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing, and a laboratory experiment for collecting traces of analysts' cognitive processes while conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way, so as to avoid distracting analysts from their work or adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specializing in cyber security for our experiment. We mainly employ qualitative data analysis methods to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis are highly promising.

UR - http://www.scopus.com/inward/record.url?scp=84986612839&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84986612839&partnerID=8YFLogxK

U2 - 10.1145/2746194.2746203

DO - 10.1145/2746194.2746203

M3 - Conference contribution

AN - SCOPUS:84986612839

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015

PB - Association for Computing Machinery

ER -

Zhong C, Yen J, Liu P, Erbacher R, Etoty R, Garneau C. An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015. Association for Computing Machinery. 2015. 2746203. (ACM International Conference Proceeding Series). https://doi.org/10.1145/2746194.2746203