Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study
Employees who have legitimate access to an organization's data may occasionally put sensitive corporate data at risk, either carelessly or maliciously. Ideally, potential breaches should be detected as soon as they occur, but in practice there may be delays, because human analysts are not able...
Main Authors: | , , , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Elsevier
2023-01-01
|
Series: | Heliyon |
Subjects: | |
Online Access: | http://www.sciencedirect.com/science/article/pii/S2405844023002323 |
_version_ | 1811173325808861184 |
---|---|
author | Mu-Huan (Miles) Chung Yuhong (Alisha) Yang Lu Wang Greg Cento Khilan Jerath Parwinder Taank Abhay Raman Jonathan H. Chan Mark H. Chignell |
author_facet | Mu-Huan (Miles) Chung Yuhong (Alisha) Yang Lu Wang Greg Cento Khilan Jerath Parwinder Taank Abhay Raman Jonathan H. Chan Mark H. Chignell |
author_sort | Mu-Huan (Miles) Chung |
collection | DOAJ |
description | Employees who have legitimate access to an organization's data may occasionally put sensitive corporate data at risk, either carelessly or maliciously. Ideally, potential breaches should be detected as soon as they occur, but in practice there may be delays, because human analysts are not able to recognize data exfiltration behaviors quickly enough with the tools available to them. Visualization may improve cybersecurity situation awareness. In this paper, we present a dashboard application for investigating file activity, as a way to improve situation awareness. We developed this dashboard for a wide range of stakeholders within a large financial services company. Cybersecurity experts/analysts, data owners, team leaders/managers, high level administrators, and other investigators all provided input to its design. The use of a co-design approach helped to create trust between users and the new visualization tools, which were built to be compatible with existing work processes. We discuss the user-centered design process that informed the development of the dashboard, and the functionality of its three inter-operable monitoring dashboards. In this case three dashboards were developed covering high-level overview, file volume/type comparison, and individual activity, but the appropriate number and type of dashboards to use will likely vary according to the nature of the detection task). We also present two use cases with usability results and preliminary usage data. The results presented examined the amount of use that the dashboards received as well as measures obtained using the Technology Acceptance Model (TAM). We also report user comments about the dashboards and how to improve them. |
first_indexed | 2024-04-10T17:45:03Z |
format | Article |
id | doaj.art-19120b7dfb9c4fa4a87b82e8993775e4 |
institution | Directory Open Access Journal |
issn | 2405-8440 |
language | English |
last_indexed | 2024-04-10T17:45:03Z |
publishDate | 2023-01-01 |
publisher | Elsevier |
record_format | Article |
series | Heliyon |
spelling | doaj.art-19120b7dfb9c4fa4a87b82e8993775e42023-02-03T05:00:13ZengElsevierHeliyon2405-84402023-01-0191e13025Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case studyMu-Huan (Miles) Chung0Yuhong (Alisha) Yang1Lu Wang2Greg Cento3Khilan Jerath4Parwinder Taank5Abhay Raman6Jonathan H. Chan7Mark H. Chignell8Mechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, Canada; Corresponding author.Sun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, CanadaMechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, CanadaSun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, CanadaSun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, CanadaSun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, CanadaSun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, CanadaInnovative Cognitive Computing (IC2) Research Center, King Mongkut's University of Technology Thonburi, 126 Pracha Uthit Rd, Bang Mot, Thung Khru, Bangkok, 10140, ThailandMechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, CanadaEmployees who have legitimate access to an organization's data may occasionally put sensitive corporate data at risk, either carelessly or maliciously. Ideally, potential breaches should be detected as soon as they occur, but in practice there may be delays, because human analysts are not able to recognize data exfiltration behaviors quickly enough with the tools available to them. Visualization may improve cybersecurity situation awareness. In this paper, we present a dashboard application for investigating file activity, as a way to improve situation awareness. We developed this dashboard for a wide range of stakeholders within a large financial services company. Cybersecurity experts/analysts, data owners, team leaders/managers, high level administrators, and other investigators all provided input to its design. The use of a co-design approach helped to create trust between users and the new visualization tools, which were built to be compatible with existing work processes. We discuss the user-centered design process that informed the development of the dashboard, and the functionality of its three inter-operable monitoring dashboards. In this case three dashboards were developed covering high-level overview, file volume/type comparison, and individual activity, but the appropriate number and type of dashboards to use will likely vary according to the nature of the detection task). We also present two use cases with usability results and preliminary usage data. The results presented examined the amount of use that the dashboards received as well as measures obtained using the Technology Acceptance Model (TAM). We also report user comments about the dashboards and how to improve them.http://www.sciencedirect.com/science/article/pii/S2405844023002323Security visualizationSituation awarenessData exfiltrationCollaborative dashboard |
spellingShingle | Mu-Huan (Miles) Chung Yuhong (Alisha) Yang Lu Wang Greg Cento Khilan Jerath Parwinder Taank Abhay Raman Jonathan H. Chan Mark H. Chignell Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study Heliyon Security visualization Situation awareness Data exfiltration Collaborative dashboard |
title | Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study |
title_full | Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study |
title_fullStr | Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study |
title_full_unstemmed | Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study |
title_short | Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study |
title_sort | enhancing cybersecurity situation awareness through visualization a usb data exfiltration case study |
topic | Security visualization Situation awareness Data exfiltration Collaborative dashboard |
url | http://www.sciencedirect.com/science/article/pii/S2405844023002323 |
work_keys_str_mv | AT muhuanmileschung enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT yuhongalishayang enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT luwang enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT gregcento enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT khilanjerath enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT parwindertaank enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT abhayraman enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT jonathanhchan enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy AT markhchignell enhancingcybersecuritysituationawarenessthroughvisualizationausbdataexfiltrationcasestudy |