Explaining collaborative filtering recommendations
CSCW '00 Proceedings of the 2000 ACM conference on Computer supported cooperative work
Structural Graph Matching Using the EM Algorithm and Singular Value Decomposition
IEEE Transactions on Pattern Analysis and Machine Intelligence - Graph Algorithms and Computer Vision
Toolkit Design for Interactive Structured Graphics
IEEE Transactions on Software Engineering
SnortView: visualization system of snort logs
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Computer Networks: The International Journal of Computer and Telecommunications Networking
An Information Visualization Framework for Intrusion Detection
CHI '04 Extended Abstracts on Human Factors in Computing Systems
IDS RainStorm: Visualizing IDS Alarms
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Trust building with explanation interfaces
Proceedings of the 11th international conference on Intelligent user interfaces
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Beyond Boundary Objects: Collaborative Reuse in Aircraft Technical Support
Computer Supported Cooperative Work
Tagsplanations: explaining recommendations using tags
Proceedings of the 14th international conference on Intelligent user interfaces
A Survey of Explanations in Recommender Systems
ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Bubble Sets: Revealing Set Relations with Isocontours over Existing Visualizations
IEEE Transactions on Visualization and Computer Graphics
Taking advice from intelligent systems: the double-edged sword of explanations
Proceedings of the 16th international conference on Intelligent user interfaces
NV: Nessus vulnerability visualization for the web
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
NAVSEC: a recommender system for 3D network security visualizations
Proceedings of the Tenth Workshop on Visualization for Cyber Security
Hi-index | 0.00 |
Analysts engaged in real-time monitoring of cybersecurity incidents must quickly and accurately respond to alerts generated by intrusion detection systems. We investigated two complementary approaches to improving analyst performance on this vigilance task: a graph-based visualization of correlated IDS output and defensible recommendations based on machine learning from historical analyst behavior. We tested our approach with 18 professional cybersecurity analysts using a prototype environment in which we compared the visualization with a conventional tabular display, and the defensible recommendations with limited or no recommendations. Quantitative results showed improved analyst accuracy with the visual display and the defensible recommendations. Additional qualitative data from a "talk aloud" protocol illustrated the role of displays and recommendations in analysts' decision-making process. Implications for the design of future online analysis environments are discussed.