Paper Info
Title
Crush Your Data with ViC<sup>2</sup>ES Then CHISSL Away
Abstract
Insider Threat Detection is one of the greatest challenges for organizational cybersecurity [2]. In this paper, we designed and evaluated visually compressed cyber event sequence (ViC <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> ES) to assist analysts with building mental models about user activity for Insider Threat Detection. Our visualizations, which show user activity on a daily level, are purpose-built to be embedded in our in-house active learning tool called "CHISSL." [3], [4] We explored different visual compression techniques with binning or run length encoding, resulting in four unique designs built upon the same icon array presentation. We evaluated these four designs for both low-level and high-level tasks in two experiments: in Experiment I, participants performed perceptual tasks such as selecting the most and least similar activities for each of the designs; in Experiment II, participants used one of the designs in CHISSL for eleven reasoning tasks. The results suggest that participants preferred the high level of aggregation, but made the fewest errors with the low level of aggregation; they were able to interact with CHISSL and accomplish the tasks using both designs. We believe our aggregated designs are effective regarding both task performance and screen space; the high and low levels of aggregation designs are valid for user activity modeling.
Year
DOI
Venue
2018
10.1109/VIZSEC.2018.8709212
2018 IEEE Symposium on Visualization for Cyber Security (VizSec)
Keywords
DocType
ISSN
insider threat,user activity monitoring,visual interactive labeling,event sequence visualization,user study
Conference
2639-4359
ISBN
Citations 
PageRank 
978-1-5386-8195-4
0
0.34
References 
Authors
26
5
Name
Order
Citations
PageRank
Dustin Lockhart Arendt1172.17
Lyndsey R. Franklin200.34
Fumeng Yang3654.93
Brooke R. Brisbois400.34
Ryan R. LaMothe500.34