Network Intrusion Detection Cognitive Task Analysis: Textual and Visual Tool Usage and Recommendations

A task analysis is conducted for the complex task of network security engineers, intrusion detection (ID) of computer networks. ID helps engineers protect network from harmful attacks and can be broken down into the following phases: pre-processing information, monitoring the network, analyzing attacks, and responding to attacks. Different cognitive loads are placed on the engineer at each phase. Engineers also need to integrate information from a variety of tools and resources, which adds additional cognitive workload. Visualization tools have been developed to alleviate these workloads but they have had limited success. To address this problem, we make two recommendations: (1) these tools should be designed for use across the phases of ID; this reduces the number of resources used therefore reducing the workload of integrating information across sources, and (2) visualization tools should allow concurrent use of textual tools and resources that provide detailed information and a powerful interface.