SlideShare a Scribd company logo

Improved Security Detection & Response via Optimized Alert Output: A Usability Study

Russ McRee
Russ McRee

Dissertation Defense: Improved Security Detection & Response via Optimized Alert Output: A Usability Study

Technology
1 of 15
Download to read offline
Improved Security Detection & Response via Optimized Alert Output: A Usability Study CapitolTechnology University Dissertation Defense by G. Russell McRee Dissertation Chair: Ian McAndrew PhD FRAeS Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio) 17 AUG 2021
Statement of the Problem • Organizations risk data breach, loss of valuable human resources, reputation, and revenue due to excessive security alert volume and a lack of fidelity in security event data • These organizations face a large burden due to alert overload, where 99% of security professionals surveyed acknowledge that high volumes of security alerts are problematic
Rationale for the Study • This study addresses challenges inherent in data overload and complexity, using security data analytics derived from machine learning (ML) and data science models that produce alert output for analysts • Security analysts benefit in two ways: • Efficiency of results derived at scale via ML models • Benefit of quality alert results derived from the same models.
Literature Overview • Security data visualization can be used to address related human cognitive limitations (Rajivan, 2011) • Giacobe (2013) discussed the effectiveness of visual analytics and data fusion techniques on situation awareness in cyber-security, and focused on visual analytics, data fusion, and cybersecurity • Giacobe found that participants using the visual analytics (VA) interface performed better than those on the text-oriented interface, where the visual analytic interface yielded a performance that was quicker and more accurate that the text interface. • Giacobe conducted an experiment and survey separately • This study merged quasi-experiment in survey
Research Methodology/Design • Quantitative, quasi-experimental, explanatory study • TechnologyAcceptance Model (TAM) • Methodology utilized to statistically measure security analysts’ acceptance of two security alert output types: visual alert output (VAO) & text alert output (TAO) • A qualitative methodology & design was not considered as the business problem is one of data.The study’s data-driven findings can contribute to data-informed business decisions.
Data Analysis • DV: level of acceptance of the security alert output and is based on the four individual TAM components: PU, PEU, AU, and IU • Within-subjects IV: Scenario (3x), all participants subject to all scenarios • Between-subjects IV: Maximum Visual • Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one of the scenarios • Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within- subjects variable Scenario and the between-subjects variable Maximum Visual • Mann-Whitney U test performed to compare level of acceptance of alert outputs of the two levels of MaximumVisual • Friedman test performed to compare level of acceptance across the three scenarios
Findings (non-parametric) Significant difference (U = 863.5, p = 0.023) in level of acceptance of alert output between respondents who selected visual output across all scenarios (n = 59) compared to the respondents who provided mixed responses (n = 22). No significant difference between scenarios (𝑥^2 (2)=5.496, 𝑝< .064). Scenario mean ranks did not differ significantly from scenario to scenario when not also factoring for responses based on output preference (MaximumVisual).
Findings – Mixed ANOVA AllTAM measures (α = .05): a significant main effect of MaximumVisual scores (F(1, 79) = 4.111, p = .046, ηp2 = .049) on the level of acceptance of alert output as indicated by sum of participants' scores for allTAM components (PU, PEU, AU, and IU) between-subjects
Perceived Usability (α = .0125): a significant main effect of MaximumVisual scores (F(1, 79) = 7.643, p = .007, ηp2 = .088) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Usability (PU) between-subjects Perceived Ease of Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = .842, p = .362, ηp2 = .011) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Ease of Use (PEU) between-subjects Findings: Mixed ANOVA
Findings: Mixed ANOVA AttitudeToward Using (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.566, p = .036, ηp2 = .055) on the level of acceptance of alert output as indicated by sum of participants' scores for Attitude Toward Using (AU) between-subjects Intention To Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.378, p = .040, ηp2 = .053) on the level of acceptance of alert output as indicated by sum of participants' scores for Intention to Use (IU) between-subjects
Findings – RQ1 • RQ1: Is there a difference in the level of acceptance of security alert output between those with a preference for visual alert outputs (VAO) and those with a preference for text alert outputs (TAO), withVAO andTAO generated via data science/machine learning methods, as predicted by the Technology Acceptance Model (TAM)? Yes. • Non-parametric (between-subjects): U = 863.5, p = 0.023 • Parametric: • Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ηp2 = .067) • Between-subjects: (F (1, 79) = 4.111, p = .046, ηp2 = .049)
Findings – SQ1 • SQ1: Does the adoption ofVAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? In part. • TheTAM components perceived usability (PU) and perceived ease of use (PEU) are not significantly influenced by the adoption ofVAO within-subjects while attitude toward using (AU), and intention to use (IU) are significantly influenced by the adoption ofVAO within-subjects. • TheTAM component perceived usability (PU) is significantly influenced by the adoption ofVAO between-subjects.
Findings – SQ2 • SQ2: Does the adoption ofTAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? No. • No individualTAM component is significantly influenced byTAO adoption, andTAO adoption trailedVAO in near totality.
Recommendations for Research • Security analysts likely seek an initial visual alert inclusive of the options to dive deeper into the raw data. A future study could expose the degree to which analysts seek multifaceted options • A future study could further explore the perceptions of, and interactions with, dynamic visualizations versus static visualizations • Further explore, even under online survey constraints, a framework that more robustly assesses user experience • Opportunity exists to develop more nuanced data where information specific to participant gender, location, age group, company or organization size, and business sector could lead to improved insights
Thank you Questions? Once in a while, you get shown the light In the strangest of places if you look at it right ~Garcia/Hunter

Recommended

A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...ijseajournal
 
Technology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionTechnology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionManoj Sharma
 
A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...Phuong Dx
 
MLPA for health care presentation smc
MLPA for health care presentation smcMLPA for health care presentation smc
MLPA for health care presentation smcShaun Comfort
 
Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Sonia Whiteley
 
Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Tero Peltola
 
Machine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkMachine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkGabriel Hughes PhD
 
Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Scott Affelt
 

Recommended

A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...ijseajournal
 
Technology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionTechnology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionManoj Sharma
 
A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...Phuong Dx
 
MLPA for health care presentation smc
MLPA for health care presentation smcMLPA for health care presentation smc
MLPA for health care presentation smcShaun Comfort
 
Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Sonia Whiteley
 
Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Tero Peltola
 
Machine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkMachine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkGabriel Hughes PhD
 
Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Scott Affelt
 
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...Amit Tyagi
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...IAEME Publication
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015Health Informatics New Zealand
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOTRon Pearson
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Predictionijsrd.com
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Omar F. Althuwaynee
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011Mathmodels Net
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringNandakumar P
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808baratta44
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxtheodorelove43763
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineeringsarfraznawaz
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Mathmodels Net
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technologypeertechzpublication
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
Science of safety training
Science of safety trainingScience of safety training
Science of safety trainingKrishnan Sankara Narayanan MS, MBA, CPHQ, FASHRM, LHRM
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management Seapine Software
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeEditor IJMTER
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

More Related Content

Similar to Improved Security Detection & Response via Optimized Alert Output: A Usability Study

COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...Amit Tyagi
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...IAEME Publication
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015Health Informatics New Zealand
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOTRon Pearson
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Predictionijsrd.com
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Omar F. Althuwaynee
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringNandakumar P
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808baratta44
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxtheodorelove43763
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineeringsarfraznawaz
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Mathmodels Net
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technologypeertechzpublication
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management Seapine Software
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeEditor IJMTER
 

Similar to Improved Security Detection & Response via Optimized Alert Output: A Usability Study (20)

COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOT
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Prediction
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in Engineering
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineering
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safety
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technology
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
 
Science of safety training
Science of safety trainingScience of safety training
Science of safety training
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptx
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing Scheme
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Improved Security Detection & Response via Optimized Alert Output: A Usability Study

  • 1. Improved Security Detection & Response via Optimized Alert Output: A Usability Study CapitolTechnology University Dissertation Defense by G. Russell McRee Dissertation Chair: Ian McAndrew PhD FRAeS Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio) 17 AUG 2021
  • 2. Statement of the Problem • Organizations risk data breach, loss of valuable human resources, reputation, and revenue due to excessive security alert volume and a lack of fidelity in security event data • These organizations face a large burden due to alert overload, where 99% of security professionals surveyed acknowledge that high volumes of security alerts are problematic
  • 3. Rationale for the Study • This study addresses challenges inherent in data overload and complexity, using security data analytics derived from machine learning (ML) and data science models that produce alert output for analysts • Security analysts benefit in two ways: • Efficiency of results derived at scale via ML models • Benefit of quality alert results derived from the same models.
  • 4. Literature Overview • Security data visualization can be used to address related human cognitive limitations (Rajivan, 2011) • Giacobe (2013) discussed the effectiveness of visual analytics and data fusion techniques on situation awareness in cyber-security, and focused on visual analytics, data fusion, and cybersecurity • Giacobe found that participants using the visual analytics (VA) interface performed better than those on the text-oriented interface, where the visual analytic interface yielded a performance that was quicker and more accurate that the text interface. • Giacobe conducted an experiment and survey separately • This study merged quasi-experiment in survey
  • 5. Research Methodology/Design • Quantitative, quasi-experimental, explanatory study • TechnologyAcceptance Model (TAM) • Methodology utilized to statistically measure security analysts’ acceptance of two security alert output types: visual alert output (VAO) & text alert output (TAO) • A qualitative methodology & design was not considered as the business problem is one of data.The study’s data-driven findings can contribute to data-informed business decisions.
  • 6. Data Analysis • DV: level of acceptance of the security alert output and is based on the four individual TAM components: PU, PEU, AU, and IU • Within-subjects IV: Scenario (3x), all participants subject to all scenarios • Between-subjects IV: Maximum Visual • Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one of the scenarios • Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within- subjects variable Scenario and the between-subjects variable Maximum Visual • Mann-Whitney U test performed to compare level of acceptance of alert outputs of the two levels of MaximumVisual • Friedman test performed to compare level of acceptance across the three scenarios
  • 7. Findings (non-parametric) Significant difference (U = 863.5, p = 0.023) in level of acceptance of alert output between respondents who selected visual output across all scenarios (n = 59) compared to the respondents who provided mixed responses (n = 22). No significant difference between scenarios (𝑥^2 (2)=5.496, 𝑝< .064). Scenario mean ranks did not differ significantly from scenario to scenario when not also factoring for responses based on output preference (MaximumVisual).
  • 8. Findings – Mixed ANOVA AllTAM measures (α = .05): a significant main effect of MaximumVisual scores (F(1, 79) = 4.111, p = .046, ηp2 = .049) on the level of acceptance of alert output as indicated by sum of participants' scores for allTAM components (PU, PEU, AU, and IU) between-subjects
  • 9. Perceived Usability (α = .0125): a significant main effect of MaximumVisual scores (F(1, 79) = 7.643, p = .007, ηp2 = .088) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Usability (PU) between-subjects Perceived Ease of Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = .842, p = .362, ηp2 = .011) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Ease of Use (PEU) between-subjects Findings: Mixed ANOVA
  • 10. Findings: Mixed ANOVA AttitudeToward Using (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.566, p = .036, ηp2 = .055) on the level of acceptance of alert output as indicated by sum of participants' scores for Attitude Toward Using (AU) between-subjects Intention To Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.378, p = .040, ηp2 = .053) on the level of acceptance of alert output as indicated by sum of participants' scores for Intention to Use (IU) between-subjects
  • 11. Findings – RQ1 • RQ1: Is there a difference in the level of acceptance of security alert output between those with a preference for visual alert outputs (VAO) and those with a preference for text alert outputs (TAO), withVAO andTAO generated via data science/machine learning methods, as predicted by the Technology Acceptance Model (TAM)? Yes. • Non-parametric (between-subjects): U = 863.5, p = 0.023 • Parametric: • Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ηp2 = .067) • Between-subjects: (F (1, 79) = 4.111, p = .046, ηp2 = .049)
  • 12. Findings – SQ1 • SQ1: Does the adoption ofVAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? In part. • TheTAM components perceived usability (PU) and perceived ease of use (PEU) are not significantly influenced by the adoption ofVAO within-subjects while attitude toward using (AU), and intention to use (IU) are significantly influenced by the adoption ofVAO within-subjects. • TheTAM component perceived usability (PU) is significantly influenced by the adoption ofVAO between-subjects.
  • 13. Findings – SQ2 • SQ2: Does the adoption ofTAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? No. • No individualTAM component is significantly influenced byTAO adoption, andTAO adoption trailedVAO in near totality.
  • 14. Recommendations for Research • Security analysts likely seek an initial visual alert inclusive of the options to dive deeper into the raw data. A future study could expose the degree to which analysts seek multifaceted options • A future study could further explore the perceptions of, and interactions with, dynamic visualizations versus static visualizations • Further explore, even under online survey constraints, a framework that more robustly assesses user experience • Opportunity exists to develop more nuanced data where information specific to participant gender, location, age group, company or organization size, and business sector could lead to improved insights
  • 15. Thank you Questions? Once in a while, you get shown the light In the strangest of places if you look at it right ~Garcia/Hunter