Vít Rusňák, L. Janečková, Filip Drgon, Anna-Marie Dombajova, Veronika Kudelkova
{"title":"利用分析来源改进网络安全事件分析工作流程","authors":"Vít Rusňák, L. Janečková, Filip Drgon, Anna-Marie Dombajova, Veronika Kudelkova","doi":"10.1109/IV56949.2022.00058","DOIUrl":null,"url":null,"abstract":"Cybersecurity incident analysis is an exploratory, data-driven process over records and logs from network monitoring tools. The process is rarely linear and frequently breaks down into multiple investigation branches. Analysts document all the steps and lessons learned and suggest mitigations. However, current tools provide only limited support for analytical provenance. As a result, analysts have to record all the details regarding the performed steps and notes in separate documents. Such a procedure increases their cognitive demands and is naturally error-prone. This paper proposes a conceptual design of the analytical tool implementing means of analytical provenance in cybersecurity incident analysis workflows. We identified the user requirements and designed and implemented a proof of concept prototype application Incident Analyzer. Qualitative feedback from four domain experts confirmed that our approach is promising and can significantly improve current cybersecurity and network incident analysis practices.","PeriodicalId":153161,"journal":{"name":"2022 26th International Conference Information Visualisation (IV)","volume":"144 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Improving Cybersecurity Incident Analysis Workflow with Analytical Provenance\",\"authors\":\"Vít Rusňák, L. Janečková, Filip Drgon, Anna-Marie Dombajova, Veronika Kudelkova\",\"doi\":\"10.1109/IV56949.2022.00058\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity incident analysis is an exploratory, data-driven process over records and logs from network monitoring tools. The process is rarely linear and frequently breaks down into multiple investigation branches. Analysts document all the steps and lessons learned and suggest mitigations. However, current tools provide only limited support for analytical provenance. As a result, analysts have to record all the details regarding the performed steps and notes in separate documents. Such a procedure increases their cognitive demands and is naturally error-prone. This paper proposes a conceptual design of the analytical tool implementing means of analytical provenance in cybersecurity incident analysis workflows. We identified the user requirements and designed and implemented a proof of concept prototype application Incident Analyzer. Qualitative feedback from four domain experts confirmed that our approach is promising and can significantly improve current cybersecurity and network incident analysis practices.\",\"PeriodicalId\":153161,\"journal\":{\"name\":\"2022 26th International Conference Information Visualisation (IV)\",\"volume\":\"144 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 26th International Conference Information Visualisation (IV)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IV56949.2022.00058\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 26th International Conference Information Visualisation (IV)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IV56949.2022.00058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improving Cybersecurity Incident Analysis Workflow with Analytical Provenance
Cybersecurity incident analysis is an exploratory, data-driven process over records and logs from network monitoring tools. The process is rarely linear and frequently breaks down into multiple investigation branches. Analysts document all the steps and lessons learned and suggest mitigations. However, current tools provide only limited support for analytical provenance. As a result, analysts have to record all the details regarding the performed steps and notes in separate documents. Such a procedure increases their cognitive demands and is naturally error-prone. This paper proposes a conceptual design of the analytical tool implementing means of analytical provenance in cybersecurity incident analysis workflows. We identified the user requirements and designed and implemented a proof of concept prototype application Incident Analyzer. Qualitative feedback from four domain experts confirmed that our approach is promising and can significantly improve current cybersecurity and network incident analysis practices.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
