SUPPORTING COLLABORATION AMONG CYBER SECURITY ANALYSTS THROUGH VISUALIZING THEIR ANALYTICAL REASONING PROCESSES

When a cyber-attack occurred, cyber-defense analysts are faced with large amounts of complex multimedia data in various forms of modality that comes from network monitoring systems and multimedia databases. A real-time response requires analysts to quickly exchange their findings and effectively divide the tasks amongst each other. We proposes a cyber analysis collaboration support system that captures and integrates the analytical process of analysts based on a cognitive model. The system uses a semi-structured representation with a visualization map that visualizes and integrates the analytical process of analysts. The map is designed with usability, accessibility, and User Experience (UX) measures in mind to enable analysts to access each others actions, observations of suspicious network events, and hypotheses about potential cyber-attacks. We evaluated the system with human subjects. The results show that the system enabled the subjects to branch off their hypotheses about possible attacks and to divide their tasks efficiently.