A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach

Title: A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Garae, J., Ko, R. K. L., Apperley, M.
Conference Name: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywords: alerts, Attention span, circular visualization designs attract, Cognition, cognitive load, computer security, Correlation, cyber security, cyber-attacks, data visualisation, Data visualization, decision making, Distortion measurement, Effectiveness measurement, effectiveness metrics, full-scale effectiveness approach, full-scale security visualization effectiveness framework, full-scale security visualization effectiveness measurement, mobile display dimension, mobile security, multiuser collaboration, Network security, policy-based governance, policy-making levels, presentation approach, pubcrawl, real-time security visualization application, security events, security incident entities, security insights, security of data, security policies, Security Visualization, security visualization effectiveness measurement framework, SvEm framework key components, SvEm visualizations, three-dimensional visualization, understanding cyber-attacks, user cognition activators, user response times, user-centric visualization techniques, visual clarity, visualization, Web Application Security
Abstract: What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aim to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.
DOI: 10.1109/TrustCom/BigDataSE.2018.00095
Citation Key: garae_full-scale_2018