SlideShare a Scribd company logo

Improved Security Detection & Response via Optimized Alert Output: A Usability Study

Russ McRee
Russ McRee

Dissertation Defense: Improved Security Detection & Response via Optimized Alert Output: A Usability Study

Technology
1 of 15
Download to read offline
Improved Security Detection & Response via Optimized Alert Output: A Usability Study CapitolTechnology University Dissertation Defense by G. Russell McRee Dissertation Chair: Ian McAndrew PhD FRAeS Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio) 17 AUG 2021
Statement of the Problem • Organizations risk data breach, loss of valuable human resources, reputation, and revenue due to excessive security alert volume and a lack of fidelity in security event data • These organizations face a large burden due to alert overload, where 99% of security professionals surveyed acknowledge that high volumes of security alerts are problematic
Rationale for the Study • This study addresses challenges inherent in data overload and complexity, using security data analytics derived from machine learning (ML) and data science models that produce alert output for analysts • Security analysts benefit in two ways: • Efficiency of results derived at scale via ML models • Benefit of quality alert results derived from the same models.
Literature Overview • Security data visualization can be used to address related human cognitive limitations (Rajivan, 2011) • Giacobe (2013) discussed the effectiveness of visual analytics and data fusion techniques on situation awareness in cyber-security, and focused on visual analytics, data fusion, and cybersecurity • Giacobe found that participants using the visual analytics (VA) interface performed better than those on the text-oriented interface, where the visual analytic interface yielded a performance that was quicker and more accurate that the text interface. • Giacobe conducted an experiment and survey separately • This study merged quasi-experiment in survey
Research Methodology/Design • Quantitative, quasi-experimental, explanatory study • TechnologyAcceptance Model (TAM) • Methodology utilized to statistically measure security analysts’ acceptance of two security alert output types: visual alert output (VAO) & text alert output (TAO) • A qualitative methodology & design was not considered as the business problem is one of data.The study’s data-driven findings can contribute to data-informed business decisions.
Data Analysis • DV: level of acceptance of the security alert output and is based on the four individual TAM components: PU, PEU, AU, and IU • Within-subjects IV: Scenario (3x), all participants subject to all scenarios • Between-subjects IV: Maximum Visual • Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one of the scenarios • Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within- subjects variable Scenario and the between-subjects variable Maximum Visual • Mann-Whitney U test performed to compare level of acceptance of alert outputs of the two levels of MaximumVisual • Friedman test performed to compare level of acceptance across the three scenarios
Findings (non-parametric) Significant difference (U = 863.5, p = 0.023) in level of acceptance of alert output between respondents who selected visual output across all scenarios (n = 59) compared to the respondents who provided mixed responses (n = 22). No significant difference between scenarios (𝑥^2 (2)=5.496, 𝑝< .064). Scenario mean ranks did not differ significantly from scenario to scenario when not also factoring for responses based on output preference (MaximumVisual).
Findings – Mixed ANOVA AllTAM measures (α = .05): a significant main effect of MaximumVisual scores (F(1, 79) = 4.111, p = .046, ηp2 = .049) on the level of acceptance of alert output as indicated by sum of participants' scores for allTAM components (PU, PEU, AU, and IU) between-subjects
Perceived Usability (α = .0125): a significant main effect of MaximumVisual scores (F(1, 79) = 7.643, p = .007, ηp2 = .088) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Usability (PU) between-subjects Perceived Ease of Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = .842, p = .362, ηp2 = .011) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Ease of Use (PEU) between-subjects Findings: Mixed ANOVA
Findings: Mixed ANOVA AttitudeToward Using (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.566, p = .036, ηp2 = .055) on the level of acceptance of alert output as indicated by sum of participants' scores for Attitude Toward Using (AU) between-subjects Intention To Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.378, p = .040, ηp2 = .053) on the level of acceptance of alert output as indicated by sum of participants' scores for Intention to Use (IU) between-subjects
Findings – RQ1 • RQ1: Is there a difference in the level of acceptance of security alert output between those with a preference for visual alert outputs (VAO) and those with a preference for text alert outputs (TAO), withVAO andTAO generated via data science/machine learning methods, as predicted by the Technology Acceptance Model (TAM)? Yes. • Non-parametric (between-subjects): U = 863.5, p = 0.023 • Parametric: • Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ηp2 = .067) • Between-subjects: (F (1, 79) = 4.111, p = .046, ηp2 = .049)
Findings – SQ1 • SQ1: Does the adoption ofVAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? In part. • TheTAM components perceived usability (PU) and perceived ease of use (PEU) are not significantly influenced by the adoption ofVAO within-subjects while attitude toward using (AU), and intention to use (IU) are significantly influenced by the adoption ofVAO within-subjects. • TheTAM component perceived usability (PU) is significantly influenced by the adoption ofVAO between-subjects.
Findings – SQ2 • SQ2: Does the adoption ofTAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? No. • No individualTAM component is significantly influenced byTAO adoption, andTAO adoption trailedVAO in near totality.
Recommendations for Research • Security analysts likely seek an initial visual alert inclusive of the options to dive deeper into the raw data. A future study could expose the degree to which analysts seek multifaceted options • A future study could further explore the perceptions of, and interactions with, dynamic visualizations versus static visualizations • Further explore, even under online survey constraints, a framework that more robustly assesses user experience • Opportunity exists to develop more nuanced data where information specific to participant gender, location, age group, company or organization size, and business sector could lead to improved insights
Thank you Questions? Once in a while, you get shown the light In the strangest of places if you look at it right ~Garcia/Hunter

Recommended

A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...ijseajournal
 
Technology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionTechnology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionManoj Sharma
 
A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...Phuong Dx
 
MLPA for health care presentation smc
MLPA for health care presentation smcMLPA for health care presentation smc
MLPA for health care presentation smcShaun Comfort
 
Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Sonia Whiteley
 
Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Tero Peltola
 
Machine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkMachine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkGabriel Hughes PhD
 
Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Scott Affelt
 

Recommended

A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...A Software Measurement Using Artificial Neural Network and Support Vector Mac...
A Software Measurement Using Artificial Neural Network and Support Vector Mac...ijseajournal
 
Technology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionTechnology Assessment and Refinement for Its Adoption
Technology Assessment and Refinement for Its AdoptionManoj Sharma
 
A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...A data envelopment analysis method for optimizing multi response problem with...
A data envelopment analysis method for optimizing multi response problem with...Phuong Dx
 
MLPA for health care presentation smc
MLPA for health care presentation smcMLPA for health care presentation smc
MLPA for health care presentation smcShaun Comfort
 
Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Total Survey Error across a program of three national surveys: using a risk m...
Total Survey Error across a program of three national surveys: using a risk m...Sonia Whiteley
 
Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Expectations and benefits of utilizing social media tools in new product deve...
Expectations and benefits of utilizing social media tools in new product deve...Tero Peltola
 
Machine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkMachine learning meets user analytics - Metageni tech talk
Machine learning meets user analytics - Metageni tech talkGabriel Hughes PhD
 
Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Opportunities for data analytics in power generation affelt 2016
Opportunities for data analytics in power generation affelt 2016Scott Affelt
 
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...Amit Tyagi
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...IAEME Publication
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015Health Informatics New Zealand
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOTRon Pearson
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Predictionijsrd.com
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Omar F. Althuwaynee
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011Mathmodels Net
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringNandakumar P
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808baratta44
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxtheodorelove43763
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineeringsarfraznawaz
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Mathmodels Net
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technologypeertechzpublication
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
Science of safety training
Science of safety trainingScience of safety training
Science of safety trainingKrishnan Sankara Narayanan MS, MBA, CPHQ, FASHRM, LHRM
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management Seapine Software
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeEditor IJMTER
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 

More Related Content

Similar to Improved Security Detection & Response via Optimized Alert Output: A Usability Study

COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...Amit Tyagi
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...IAEME Publication
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015Health Informatics New Zealand
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOTRon Pearson
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Predictionijsrd.com
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Omar F. Althuwaynee
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringNandakumar P
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808baratta44
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxtheodorelove43763
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineeringsarfraznawaz
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Mathmodels Net
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetysarah7887
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technologypeertechzpublication
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management Seapine Software
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeEditor IJMTER
 

Similar to Improved Security Detection & Response via Optimized Alert Output: A Usability Study (20)

COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
 
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
 
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 20151115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015
 
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOT
 
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Prediction
 
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011
 
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in Engineering
 
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808
 
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
 
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineering
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
 
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009
 
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safetySadeq abdulwahab management of electrical safety
Sadeq abdulwahab management of electrical safety
 
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technology
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
 
Science of safety training
Science of safety trainingScience of safety training
Science of safety training
 
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptx
 
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing Scheme
 

Recently uploaded

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 

Recently uploaded (20)

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 

Improved Security Detection & Response via Optimized Alert Output: A Usability Study

  • 1. Improved Security Detection & Response via Optimized Alert Output: A Usability Study CapitolTechnology University Dissertation Defense by G. Russell McRee Dissertation Chair: Ian McAndrew PhD FRAeS Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio) 17 AUG 2021
  • 2. Statement of the Problem • Organizations risk data breach, loss of valuable human resources, reputation, and revenue due to excessive security alert volume and a lack of fidelity in security event data • These organizations face a large burden due to alert overload, where 99% of security professionals surveyed acknowledge that high volumes of security alerts are problematic
  • 3. Rationale for the Study • This study addresses challenges inherent in data overload and complexity, using security data analytics derived from machine learning (ML) and data science models that produce alert output for analysts • Security analysts benefit in two ways: • Efficiency of results derived at scale via ML models • Benefit of quality alert results derived from the same models.
  • 4. Literature Overview • Security data visualization can be used to address related human cognitive limitations (Rajivan, 2011) • Giacobe (2013) discussed the effectiveness of visual analytics and data fusion techniques on situation awareness in cyber-security, and focused on visual analytics, data fusion, and cybersecurity • Giacobe found that participants using the visual analytics (VA) interface performed better than those on the text-oriented interface, where the visual analytic interface yielded a performance that was quicker and more accurate that the text interface. • Giacobe conducted an experiment and survey separately • This study merged quasi-experiment in survey
  • 5. Research Methodology/Design • Quantitative, quasi-experimental, explanatory study • TechnologyAcceptance Model (TAM) • Methodology utilized to statistically measure security analysts’ acceptance of two security alert output types: visual alert output (VAO) & text alert output (TAO) • A qualitative methodology & design was not considered as the business problem is one of data.The study’s data-driven findings can contribute to data-informed business decisions.
  • 6. Data Analysis • DV: level of acceptance of the security alert output and is based on the four individual TAM components: PU, PEU, AU, and IU • Within-subjects IV: Scenario (3x), all participants subject to all scenarios • Between-subjects IV: Maximum Visual • Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one of the scenarios • Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within- subjects variable Scenario and the between-subjects variable Maximum Visual • Mann-Whitney U test performed to compare level of acceptance of alert outputs of the two levels of MaximumVisual • Friedman test performed to compare level of acceptance across the three scenarios
  • 7. Findings (non-parametric) Significant difference (U = 863.5, p = 0.023) in level of acceptance of alert output between respondents who selected visual output across all scenarios (n = 59) compared to the respondents who provided mixed responses (n = 22). No significant difference between scenarios (𝑥^2 (2)=5.496, 𝑝< .064). Scenario mean ranks did not differ significantly from scenario to scenario when not also factoring for responses based on output preference (MaximumVisual).
  • 8. Findings – Mixed ANOVA AllTAM measures (α = .05): a significant main effect of MaximumVisual scores (F(1, 79) = 4.111, p = .046, ηp2 = .049) on the level of acceptance of alert output as indicated by sum of participants' scores for allTAM components (PU, PEU, AU, and IU) between-subjects
  • 9. Perceived Usability (α = .0125): a significant main effect of MaximumVisual scores (F(1, 79) = 7.643, p = .007, ηp2 = .088) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Usability (PU) between-subjects Perceived Ease of Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = .842, p = .362, ηp2 = .011) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Ease of Use (PEU) between-subjects Findings: Mixed ANOVA
  • 10. Findings: Mixed ANOVA AttitudeToward Using (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.566, p = .036, ηp2 = .055) on the level of acceptance of alert output as indicated by sum of participants' scores for Attitude Toward Using (AU) between-subjects Intention To Use (α = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.378, p = .040, ηp2 = .053) on the level of acceptance of alert output as indicated by sum of participants' scores for Intention to Use (IU) between-subjects
  • 11. Findings – RQ1 • RQ1: Is there a difference in the level of acceptance of security alert output between those with a preference for visual alert outputs (VAO) and those with a preference for text alert outputs (TAO), withVAO andTAO generated via data science/machine learning methods, as predicted by the Technology Acceptance Model (TAM)? Yes. • Non-parametric (between-subjects): U = 863.5, p = 0.023 • Parametric: • Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ηp2 = .067) • Between-subjects: (F (1, 79) = 4.111, p = .046, ηp2 = .049)
  • 12. Findings – SQ1 • SQ1: Does the adoption ofVAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? In part. • TheTAM components perceived usability (PU) and perceived ease of use (PEU) are not significantly influenced by the adoption ofVAO within-subjects while attitude toward using (AU), and intention to use (IU) are significantly influenced by the adoption ofVAO within-subjects. • TheTAM component perceived usability (PU) is significantly influenced by the adoption ofVAO between-subjects.
  • 13. Findings – SQ2 • SQ2: Does the adoption ofTAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? No. • No individualTAM component is significantly influenced byTAO adoption, andTAO adoption trailedVAO in near totality.
  • 14. Recommendations for Research • Security analysts likely seek an initial visual alert inclusive of the options to dive deeper into the raw data. A future study could expose the degree to which analysts seek multifaceted options • A future study could further explore the perceptions of, and interactions with, dynamic visualizations versus static visualizations • Further explore, even under online survey constraints, a framework that more robustly assesses user experience • Opportunity exists to develop more nuanced data where information specific to participant gender, location, age group, company or organization size, and business sector could lead to improved insights
  • 15. Thank you Questions? Once in a while, you get shown the light In the strangest of places if you look at it right ~Garcia/Hunter