ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo
Improved Security Detection & Response via
Optimized Alert Output: A Usability Study
CapitolTechnology University
Dissertation Defense
by
G. Russell McRee
Dissertation Chair: Ian McAndrew PhD FRAeS
Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio)
17 AUG 2021
Statement of the Problem
? Organizations risk data breach, loss of valuable human resources,
reputation, and revenue due to excessive security alert volume and a lack of
fidelity in security event data
? These organizations face a large burden due to alert overload, where 99% of
security professionals surveyed acknowledge that high volumes of security
alerts are problematic
Rationale for the Study
? This study addresses challenges inherent in data overload and complexity,
using security data analytics derived from machine learning (ML) and data
science models that produce alert output for analysts
? Security analysts benefit in two ways:
? Efficiency of results derived at scale via ML models
? Benefit of quality alert results derived from the same models.
Literature Overview
? Security data visualization can be used to address related human cognitive
limitations (Rajivan, 2011)
? Giacobe (2013) discussed the effectiveness of visual analytics and data
fusion techniques on situation awareness in cyber-security, and focused on
visual analytics, data fusion, and cybersecurity
? Giacobe found that participants using the visual analytics (VA) interface performed
better than those on the text-oriented interface, where the visual analytic interface
yielded a performance that was quicker and more accurate that the text interface.
? Giacobe conducted an experiment and survey separately
? This study merged quasi-experiment in survey
Research Methodology/Design
? Quantitative, quasi-experimental, explanatory study
? TechnologyAcceptance Model (TAM)
? Methodology utilized to statistically measure security analysts¡¯ acceptance
of two security alert output types: visual alert output (VAO) & text alert
output (TAO)
? A qualitative methodology & design was not considered as the business
problem is one of data.The study¡¯s data-driven findings can contribute to
data-informed business decisions.
Data Analysis
? DV: level of acceptance of the security alert output and is based on the four individual
TAM components: PU, PEU, AU, and IU
? Within-subjects IV: Scenario (3x), all participants subject to all scenarios
? Between-subjects IV: Maximum Visual
? Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one
of the scenarios
? Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within-
subjects variable Scenario and the between-subjects variable Maximum Visual
? Mann-Whitney U test performed to compare level of acceptance of alert outputs of
the two levels of MaximumVisual
? Friedman test performed to compare level of acceptance across the three scenarios
Findings (non-parametric)
Significant difference (U = 863.5, p = 0.023) in level
of acceptance of alert output between
respondents who selected visual output across all
scenarios (n = 59) compared to the respondents
who provided mixed responses (n = 22).
No significant difference between scenarios (?^2
(2)=5.496, ?< .064). Scenario mean ranks did not differ
significantly from scenario to scenario when not also
factoring for responses based on output preference
(MaximumVisual).
Findings ¨C Mixed ANOVA
AllTAM measures (¦Á = .05): a significant main effect of
MaximumVisual scores (F(1, 79) = 4.111, p = .046, ¦Çp2 = .049)
on the level of acceptance of alert output as indicated by
sum of participants' scores for allTAM components (PU,
PEU, AU, and IU) between-subjects
Perceived Usability (¦Á = .0125): a significant
main effect of MaximumVisual scores (F(1, 79)
= 7.643, p = .007, ¦Çp2 = .088) on the level of
acceptance of alert output as indicated by sum
of participants' scores for Perceived Usability
(PU) between-subjects
Perceived Ease of Use (¦Á = .0125): an insignificant main
effect of MaximumVisual scores (F(1, 79) = .842, p = .362,
¦Çp2 = .011) on the level of acceptance of alert output as
indicated by sum of participants' scores for Perceived Ease
of Use (PEU) between-subjects
Findings:
Mixed
ANOVA
Findings:
Mixed
ANOVA
AttitudeToward Using (¦Á = .0125): an
insignificant main effect of MaximumVisual
scores (F(1, 79) = 4.566, p = .036, ¦Çp2 = .055) on
the level of acceptance of alert output as
indicated by sum of participants' scores for
Attitude Toward Using (AU) between-subjects
Intention To Use (¦Á = .0125): an insignificant main
effect of MaximumVisual scores (F(1, 79) = 4.378, p =
.040, ¦Çp2 = .053) on the level of acceptance of alert
output as indicated by sum of participants' scores for
Intention to Use (IU) between-subjects
Findings ¨C RQ1
? RQ1: Is there a difference in the level of acceptance of security alert output
between those with a preference for visual alert outputs (VAO) and those
with a preference for text alert outputs (TAO), withVAO andTAO
generated via data science/machine learning methods, as predicted by the
Technology Acceptance Model (TAM)? Yes.
? Non-parametric (between-subjects): U = 863.5, p = 0.023
? Parametric:
? Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ¦Çp2 = .067)
? Between-subjects: (F (1, 79) = 4.111, p = .046, ¦Çp2 = .049)
Findings ¨C SQ1
? SQ1: Does the adoption ofVAO have a significant impact on the four
individualTAM components, perceived usefulness (PU), perceived ease of
use (PEU), attitude toward using (AU), and intention to use (IU)? In part.
? TheTAM components perceived usability (PU) and perceived ease of
use (PEU) are not significantly influenced by the adoption ofVAO
within-subjects while attitude toward using (AU), and intention to use
(IU) are significantly influenced by the adoption ofVAO within-subjects.
? TheTAM component perceived usability (PU) is significantly influenced
by the adoption ofVAO between-subjects.
Findings ¨C SQ2
? SQ2: Does the adoption ofTAO have a significant impact on the four
individualTAM components, perceived usefulness (PU), perceived ease of
use (PEU), attitude toward using (AU), and intention to use (IU)? No.
? No individualTAM component is significantly influenced byTAO
adoption, andTAO adoption trailedVAO in near totality.
Recommendations for Research
? Security analysts likely seek an initial visual alert inclusive of the options to
dive deeper into the raw data. A future study could expose the degree to
which analysts seek multifaceted options
? A future study could further explore the perceptions of, and interactions
with, dynamic visualizations versus static visualizations
? Further explore, even under online survey constraints, a framework that
more robustly assesses user experience
? Opportunity exists to develop more nuanced data where information
specific to participant gender, location, age group, company or organization
size, and business sector could lead to improved insights
Thank you
Questions?
Once in a while, you get shown the light
In the strangest of places if you look at it right
~Garcia/Hunter

More Related Content

Similar to Improved Security Detection & Response via Optimized Alert Output: A Usability Study (20)

COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
Amit Tyagi
?
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
IAEME Publication
?
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi   for christchurch nz oct 20151115 wyatt wheres the science in hi   for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015
Health Informatics New Zealand
?
IAQ Modeling SOT
IAQ Modeling SOTIAQ Modeling SOT
IAQ Modeling SOT
Ron Pearson
?
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Prediction
ijsrd.com
?
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction
Omar F. Althuwaynee
?
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011
Mathmodels Net
?
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in Engineering
Nandakumar P
?
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808
baratta44
?
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
theodorelove43763
?
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineering
sarfraznawaz
?
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
Michael Woods, MD, MMM
?
Kostogryzov 10.12.2009
Kostogryzov 10.12.2009Kostogryzov 10.12.2009
Kostogryzov 10.12.2009
Mathmodels Net
?
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab  management of electrical safetySadeq abdulwahab  management of electrical safety
Sadeq abdulwahab management of electrical safety
sarah7887
?
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technology
peertechzpublication
?
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
cscpconf
?
Science of safety training
Science of safety trainingScience of safety training
Science of safety training
Krishnan Sankara Narayanan MS, MBA, CPHQ, FASHRM, LHRM
?
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management
Seapine Software
?
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptx
Binu Nasar
?
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing Scheme
Editor IJMTER
?
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMP...
Amit Tyagi
?
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
Hybrid layer of protection analysis and bow tie analysis with fuzzy approach ...
IAEME Publication
?
1115 wyatt wheres the science in hi for christchurch nz oct 2015
1115 wyatt wheres the science in hi   for christchurch nz oct 20151115 wyatt wheres the science in hi   for christchurch nz oct 2015
1115 wyatt wheres the science in hi for christchurch nz oct 2015
Health Informatics New Zealand
?
Guidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability PredictionGuidelines to Understanding Design of Experiment and Reliability Prediction
Guidelines to Understanding Design of Experiment and Reliability Prediction
ijsrd.com
?
Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction Using Decision trees with GIS data for modeling and prediction
Using Decision trees with GIS data for modeling and prediction
Omar F. Althuwaynee
?
Unit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in EngineeringUnit-3 Professional Ethics in Engineering
Unit-3 Professional Ethics in Engineering
Nandakumar P
?
Sia Presentation100808
Sia Presentation100808Sia Presentation100808
Sia Presentation100808
baratta44
?
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docxDescriptive Statistics and Interpretation Grading GuideQNT5.docx
Descriptive Statistics and Interpretation Grading GuideQNT5.docx
theodorelove43763
?
Empirical research methods for software engineering
Empirical research methods for software engineeringEmpirical research methods for software engineering
Empirical research methods for software engineering
sarfraznawaz
?
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
Michael Woods, MD, MMM
?
Sadeq abdulwahab management of electrical safety
Sadeq abdulwahab  management of electrical safetySadeq abdulwahab  management of electrical safety
Sadeq abdulwahab management of electrical safety
sarah7887
?
Trends in Computer Science and Information Technology
Trends in Computer Science and Information TechnologyTrends in Computer Science and Information Technology
Trends in Computer Science and Information Technology
peertechzpublication
?
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
cscpconf
?
Pragmatic Device Risk Management
Pragmatic Device Risk Management Pragmatic Device Risk Management
Pragmatic Device Risk Management
Seapine Software
?
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptx
Binu Nasar
?
Software Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing SchemeSoftware Quality Analysis Using Mutation Testing Scheme
Software Quality Analysis Using Mutation Testing Scheme
Editor IJMTER
?

Recently uploaded (20)

Recruiting Tech: A Look at Why AI is Actually OG
Recruiting Tech: A Look at Why AI is Actually OGRecruiting Tech: A Look at Why AI is Actually OG
Recruiting Tech: A Look at Why AI is Actually OG
Matt Charney
?
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
Ivan Tang
?
Innovative Web Design | Malachite Technologies
Innovative Web Design | Malachite TechnologiesInnovative Web Design | Malachite Technologies
Innovative Web Design | Malachite Technologies
malachitetechnologie1
?
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AIGDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
James Anderson
?
Build with AI on Google Cloud Session #5
Build with AI on Google Cloud Session #5Build with AI on Google Cloud Session #5
Build with AI on Google Cloud Session #5
Margaret Maynard-Reid
?
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
voginip
?
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
DianaGray10
?
Build Your Uber Clone App with Advanced Features
Build Your Uber Clone App with Advanced FeaturesBuild Your Uber Clone App with Advanced Features
Build Your Uber Clone App with Advanced Features
V3cube
?
202408_JAWSPANKRATION_Introduction_of_Minaden.pdf
202408_JAWSPANKRATION_Introduction_of_Minaden.pdf202408_JAWSPANKRATION_Introduction_of_Minaden.pdf
202408_JAWSPANKRATION_Introduction_of_Minaden.pdf
NTTDOCOMO-ServiceInnovation
?
Harnessing the Power of AI in Salesforce.pdf
Harnessing the Power of AI in Salesforce.pdfHarnessing the Power of AI in Salesforce.pdf
Harnessing the Power of AI in Salesforce.pdf
rabiabajaj1
?
The Road to SAP S4HANA Cloud with SAP Activate.pptx
The Road to SAP S4HANA Cloud with SAP Activate.pptxThe Road to SAP S4HANA Cloud with SAP Activate.pptx
The Road to SAP S4HANA Cloud with SAP Activate.pptx
zsbaranyai
?
Rene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene-Peinado-A-Maritime-Professionals-Journey---.pptxRene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene Peinado
?
How Telemedicine App Development is Revolutionizing Virtual Care.pptx
How Telemedicine App Development is Revolutionizing Virtual Care.pptxHow Telemedicine App Development is Revolutionizing Virtual Care.pptx
How Telemedicine App Development is Revolutionizing Virtual Care.pptx
Dash Technologies Inc
?
How Air Coil Inductors Work By Cet Technology
How Air Coil Inductors Work By Cet TechnologyHow Air Coil Inductors Work By Cet Technology
How Air Coil Inductors Work By Cet Technology
CET Technology
?
Building High-Impact Teams Beyond the Product Triad.pdf
Building High-Impact Teams Beyond the Product Triad.pdfBuilding High-Impact Teams Beyond the Product Triad.pdf
Building High-Impact Teams Beyond the Product Triad.pdf
Rafael Burity
?
STARLINK-JIO-AIRTEL Security issues to Ponder
STARLINK-JIO-AIRTEL Security issues to PonderSTARLINK-JIO-AIRTEL Security issues to Ponder
STARLINK-JIO-AIRTEL Security issues to Ponder
anupriti
?
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptxRBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
quinlan4
?
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptxHHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HampshireHUG
?
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-WorldAll-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
Safe Software
?
AI in Talent Acquisition: Boosting Hiring
AI in Talent Acquisition: Boosting HiringAI in Talent Acquisition: Boosting Hiring
AI in Talent Acquisition: Boosting Hiring
Beyond Chiefs
?
Recruiting Tech: A Look at Why AI is Actually OG
Recruiting Tech: A Look at Why AI is Actually OGRecruiting Tech: A Look at Why AI is Actually OG
Recruiting Tech: A Look at Why AI is Actually OG
Matt Charney
?
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
Ivan Tang
?
Innovative Web Design | Malachite Technologies
Innovative Web Design | Malachite TechnologiesInnovative Web Design | Malachite Technologies
Innovative Web Design | Malachite Technologies
malachitetechnologie1
?
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AIGDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
GDG Cloud Southlake #41: Shay Levi: Beyond the Hype:How Enterprises Are Using AI
James Anderson
?
Build with AI on Google Cloud Session #5
Build with AI on Google Cloud Session #5Build with AI on Google Cloud Session #5
Build with AI on Google Cloud Session #5
Margaret Maynard-Reid
?
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
Rens van de Schoot - Mensen, machines en de zoektocht naar het laatste releva...
voginip
?
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
SAP Automation with UiPath: SAP Test Automation - Part 5 of 8
DianaGray10
?
Build Your Uber Clone App with Advanced Features
Build Your Uber Clone App with Advanced FeaturesBuild Your Uber Clone App with Advanced Features
Build Your Uber Clone App with Advanced Features
V3cube
?
Harnessing the Power of AI in Salesforce.pdf
Harnessing the Power of AI in Salesforce.pdfHarnessing the Power of AI in Salesforce.pdf
Harnessing the Power of AI in Salesforce.pdf
rabiabajaj1
?
The Road to SAP S4HANA Cloud with SAP Activate.pptx
The Road to SAP S4HANA Cloud with SAP Activate.pptxThe Road to SAP S4HANA Cloud with SAP Activate.pptx
The Road to SAP S4HANA Cloud with SAP Activate.pptx
zsbaranyai
?
Rene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene-Peinado-A-Maritime-Professionals-Journey---.pptxRene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene-Peinado-A-Maritime-Professionals-Journey---.pptx
Rene Peinado
?
How Telemedicine App Development is Revolutionizing Virtual Care.pptx
How Telemedicine App Development is Revolutionizing Virtual Care.pptxHow Telemedicine App Development is Revolutionizing Virtual Care.pptx
How Telemedicine App Development is Revolutionizing Virtual Care.pptx
Dash Technologies Inc
?
How Air Coil Inductors Work By Cet Technology
How Air Coil Inductors Work By Cet TechnologyHow Air Coil Inductors Work By Cet Technology
How Air Coil Inductors Work By Cet Technology
CET Technology
?
Building High-Impact Teams Beyond the Product Triad.pdf
Building High-Impact Teams Beyond the Product Triad.pdfBuilding High-Impact Teams Beyond the Product Triad.pdf
Building High-Impact Teams Beyond the Product Triad.pdf
Rafael Burity
?
STARLINK-JIO-AIRTEL Security issues to Ponder
STARLINK-JIO-AIRTEL Security issues to PonderSTARLINK-JIO-AIRTEL Security issues to Ponder
STARLINK-JIO-AIRTEL Security issues to Ponder
anupriti
?
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptxRBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
RBM - PIXIAGE - AskPixi Page - Inpixon-MWC 2025.pptx
quinlan4
?
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptxHHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HampshireHUG
?
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-WorldAll-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
Safe Software
?
AI in Talent Acquisition: Boosting Hiring
AI in Talent Acquisition: Boosting HiringAI in Talent Acquisition: Boosting Hiring
AI in Talent Acquisition: Boosting Hiring
Beyond Chiefs
?

Improved Security Detection & Response via Optimized Alert Output: A Usability Study

  • 1. Improved Security Detection & Response via Optimized Alert Output: A Usability Study CapitolTechnology University Dissertation Defense by G. Russell McRee Dissertation Chair: Ian McAndrew PhD FRAeS Dissertation Committee: Dr. Atta-Ur-Rahman (Examiner), Allen H. Exner (Ex Officio) 17 AUG 2021
  • 2. Statement of the Problem ? Organizations risk data breach, loss of valuable human resources, reputation, and revenue due to excessive security alert volume and a lack of fidelity in security event data ? These organizations face a large burden due to alert overload, where 99% of security professionals surveyed acknowledge that high volumes of security alerts are problematic
  • 3. Rationale for the Study ? This study addresses challenges inherent in data overload and complexity, using security data analytics derived from machine learning (ML) and data science models that produce alert output for analysts ? Security analysts benefit in two ways: ? Efficiency of results derived at scale via ML models ? Benefit of quality alert results derived from the same models.
  • 4. Literature Overview ? Security data visualization can be used to address related human cognitive limitations (Rajivan, 2011) ? Giacobe (2013) discussed the effectiveness of visual analytics and data fusion techniques on situation awareness in cyber-security, and focused on visual analytics, data fusion, and cybersecurity ? Giacobe found that participants using the visual analytics (VA) interface performed better than those on the text-oriented interface, where the visual analytic interface yielded a performance that was quicker and more accurate that the text interface. ? Giacobe conducted an experiment and survey separately ? This study merged quasi-experiment in survey
  • 5. Research Methodology/Design ? Quantitative, quasi-experimental, explanatory study ? TechnologyAcceptance Model (TAM) ? Methodology utilized to statistically measure security analysts¡¯ acceptance of two security alert output types: visual alert output (VAO) & text alert output (TAO) ? A qualitative methodology & design was not considered as the business problem is one of data.The study¡¯s data-driven findings can contribute to data-informed business decisions.
  • 6. Data Analysis ? DV: level of acceptance of the security alert output and is based on the four individual TAM components: PU, PEU, AU, and IU ? Within-subjects IV: Scenario (3x), all participants subject to all scenarios ? Between-subjects IV: Maximum Visual ? Two levels: a preference forVAO in all three scenarios, and a preference forTAO in at least one of the scenarios ? Mixed ANOVA to test level of acceptance of alert outputs as influenced by the within- subjects variable Scenario and the between-subjects variable Maximum Visual ? Mann-Whitney U test performed to compare level of acceptance of alert outputs of the two levels of MaximumVisual ? Friedman test performed to compare level of acceptance across the three scenarios
  • 7. Findings (non-parametric) Significant difference (U = 863.5, p = 0.023) in level of acceptance of alert output between respondents who selected visual output across all scenarios (n = 59) compared to the respondents who provided mixed responses (n = 22). No significant difference between scenarios (?^2 (2)=5.496, ?< .064). Scenario mean ranks did not differ significantly from scenario to scenario when not also factoring for responses based on output preference (MaximumVisual).
  • 8. Findings ¨C Mixed ANOVA AllTAM measures (¦Á = .05): a significant main effect of MaximumVisual scores (F(1, 79) = 4.111, p = .046, ¦Çp2 = .049) on the level of acceptance of alert output as indicated by sum of participants' scores for allTAM components (PU, PEU, AU, and IU) between-subjects
  • 9. Perceived Usability (¦Á = .0125): a significant main effect of MaximumVisual scores (F(1, 79) = 7.643, p = .007, ¦Çp2 = .088) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Usability (PU) between-subjects Perceived Ease of Use (¦Á = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = .842, p = .362, ¦Çp2 = .011) on the level of acceptance of alert output as indicated by sum of participants' scores for Perceived Ease of Use (PEU) between-subjects Findings: Mixed ANOVA
  • 10. Findings: Mixed ANOVA AttitudeToward Using (¦Á = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.566, p = .036, ¦Çp2 = .055) on the level of acceptance of alert output as indicated by sum of participants' scores for Attitude Toward Using (AU) between-subjects Intention To Use (¦Á = .0125): an insignificant main effect of MaximumVisual scores (F(1, 79) = 4.378, p = .040, ¦Çp2 = .053) on the level of acceptance of alert output as indicated by sum of participants' scores for Intention to Use (IU) between-subjects
  • 11. Findings ¨C RQ1 ? RQ1: Is there a difference in the level of acceptance of security alert output between those with a preference for visual alert outputs (VAO) and those with a preference for text alert outputs (TAO), withVAO andTAO generated via data science/machine learning methods, as predicted by the Technology Acceptance Model (TAM)? Yes. ? Non-parametric (between-subjects): U = 863.5, p = 0.023 ? Parametric: ? Within-subjects: (F (1.455, 114.915) = 5.634, p = 0.010, ¦Çp2 = .067) ? Between-subjects: (F (1, 79) = 4.111, p = .046, ¦Çp2 = .049)
  • 12. Findings ¨C SQ1 ? SQ1: Does the adoption ofVAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? In part. ? TheTAM components perceived usability (PU) and perceived ease of use (PEU) are not significantly influenced by the adoption ofVAO within-subjects while attitude toward using (AU), and intention to use (IU) are significantly influenced by the adoption ofVAO within-subjects. ? TheTAM component perceived usability (PU) is significantly influenced by the adoption ofVAO between-subjects.
  • 13. Findings ¨C SQ2 ? SQ2: Does the adoption ofTAO have a significant impact on the four individualTAM components, perceived usefulness (PU), perceived ease of use (PEU), attitude toward using (AU), and intention to use (IU)? No. ? No individualTAM component is significantly influenced byTAO adoption, andTAO adoption trailedVAO in near totality.
  • 14. Recommendations for Research ? Security analysts likely seek an initial visual alert inclusive of the options to dive deeper into the raw data. A future study could expose the degree to which analysts seek multifaceted options ? A future study could further explore the perceptions of, and interactions with, dynamic visualizations versus static visualizations ? Further explore, even under online survey constraints, a framework that more robustly assesses user experience ? Opportunity exists to develop more nuanced data where information specific to participant gender, location, age group, company or organization size, and business sector could lead to improved insights
  • 15. Thank you Questions? Once in a while, you get shown the light In the strangest of places if you look at it right ~Garcia/Hunter