Visualizations and Analysts

The challenges of CSA discussed in previous chapters call for ways to provide assistance to analysts and decision-makers. In many fields, analyses of complex systems and activities benefit from visualization of data and analytical products. Analysts use images in order to engage their visual perception in identifying features in the data, and to apply the analysts. domain knowledge. One would expect the same to be true in the practice of cyber analysts as they try to form situational awareness of complex networks. Earlier, the Cognition and Technology chapter introduced the topic of visualization: its criticality to the users, e.g., cyber analysts, as well as its pitfalls and limitations. Now, this chapter takes a close look at visualization for Cyber Situational Awareness. We begin with a basic overview of scientific and information visualization, and of recent visualization systems for cyber situation awareness. Then, we outline a set of requirements, derived largely from discussions with expert cyber analysts, for a candidate visualization system. We conclude with a case study of a web-based tool that supports our requirements through the use of charts as a core representation framework. A JavaScript charting library is extended to provide interface flexibility and correlation capabilities to the analysts as they explore different hypotheses about potential cyber attacks. We describe key elements of the design, explain how an analyst.s intent is used to generate different visualizations that provide situation assessment to improve the analyst.s situation awareness, and show how the system allows an analyst to quickly produce a sequence of visualizations to explore specific details about a potential attack as they arise. Data visualization converts raw data into images that allow a viewer to “see” data values and the relationships they form. The motivation is that images allow viewers