Research Commons
      • Browse 
        • Communities & Collections
        • Titles
        • Authors
        • By Issue Date
        • Subjects
        • Types
        • Series
      • Help 
        • About
        • Collection Policy
        • OA Mandate Guidelines
        • Guidelines FAQ
        • Contact Us
      • My Account 
        • Sign In
        • Register
      View Item 
      •   Research Commons
      • University of Waikato Theses
      • Higher Degree Theses
      • View Item
      •   Research Commons
      • University of Waikato Theses
      • Higher Degree Theses
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      Cyber security visualization effectiveness

      Garae, Jeffery
      Thumbnail
      Files
      thesis.pdf
      39.84Mb
      Citation
      Export citation
      Garae, J. (2019). Cyber security visualization effectiveness (Thesis, Doctor of Philosophy (PhD)). The University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/12561
      Permanent Research Commons link: https://hdl.handle.net/10289/12561
      Abstract
      Security visualization utilises predefined data attributes and translates them into visual nodes to form images for the purpose of communicating critical security information to targeted audiences. It is commonly used for two reasons: exploring and reporting purposes thus, sharing insights on suspected security events. However, the challenge of selecting the best visualization out of two or more visualization samples, regardless of existing limitations such as screen dimensions and visual complexities, required users to utilise certain measurement criteria. These criteria urge security visualization researchers, developers and users (viewers) to ask themselves the following two questions: What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analysing, understanding and reporting cyber security incidents?

      This thesis explores a range of effectiveness measurement techniques for web and mobile platforms. We investigated existing effectiveness methods for the design, implementation and user observation phases in security visualizations. Consequently, we identified effectiveness criteria and metrics in applications include visual clarity, visibility, distortion rates and user cognitive response (viewing) times. With the goal of aiding decision making in cyber security operations, we provided a distinctive security visualization paradigm of a full-scale effectiveness measurement (SvEm framework) approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through our SvEm algorithm thus, providing various interactive three-dimensional (3D) visualization applications to enhance both single and multi-user collaboration.

      The SvEm framework involves several key components: (1) web/mobile display dimensions and resolution, (2) security incident entities, (3) user cognitive activators and alerts, (4) working memory load, (5) threat scoring system and (6) the colour usage management. To evaluate effectiveness in our framework, we developed several use cases: (1) VisualProgger - a real-time security visualization analytic application (web and mobile platforms), (2) a security visualization with augmented reality and (3) a security visualization for intelligence tracking and monitoring. In addition, we developed and documented a new security visualization guideline (a SCeeVis pre-standard) as part of the SvEm framework to aid with the design, implementation and observation environments.

      This pre-standard further allowed us to develop our SCeeVis colour chaining standard and a new cognition and working memory (SvEm-CWML) instruction set to enhance the user’s cognition and perception process for security visualizations. As a result, our visualization application outputs effectiveness measurement by capturing and increasing the user's attention span through the process of reducing cognitive load, while increasing the viewer’s memory efficiency. Thus, users have a high potential to gain security insights from a given visualization. Our evaluation shows that, viewers perform better with the existence of prior knowledge of security events and if they operate in a comfortable visual environment. It has also indicated that circular visualization designs attracted and maintained the viewer’s attention. Finally, these discoveries have revealed new research directions for future work relating to effectiveness measurement in security visualization.
      Date
      2019
      Type
      Thesis
      Degree Name
      Doctor of Philosophy (PhD)
      Supervisors
      Apperley, Mark
      Ko, Ryan K.L.
      Publisher
      The University of Waikato
      Rights
      All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
      Collections
      • Higher Degree Theses [1714]
      Show full item record  

      Usage

      Downloads, last 12 months
      53
       
       

      Usage Statistics

      For this itemFor all of Research Commons

      The University of Waikato - Te Whare Wānanga o WaikatoFeedback and RequestsCopyright and Legal Statement