Improving Cyber Situation Awareness by Building Trust in Analytics
Analysts depend on technology to access and understand information, information that ultimately impacts their level of Cyber Situation Awareness (CyberSA). Adoption of advanced analytics, particularly those that generate risk scores or that depend on machine learning, can be impacted by a lack of trust in what the scores represent. Lack of trust in analytics can negatively impact CyberSA and efficient decision making, as analysts who do not trust outcomes from analytic models continue to search for information that confirms the analytic outcome, or continue to seek supplementary environmental information prior to making critical decisions. While human-driven investigative work is, and will remain, critical for security operations, delays in decision making, and increased efforts in information gathering, can negatively impact the efficiency of threat detection. Semi-structured interviews with analysts revealed five avenues for improving trust in analytics, including Context-Based, Case-Based, Model-Based, Ethics-Based, and Human-Centric AI Improvements.
Keywords: UEBA, CyberSA, Analytics, Risk scores, HCI