The University of Southampton
University of Southampton Institutional Repository

EEVi: A model developed to aid the design and evaluation process of cyber-security visualisation for cyber-security analysts

EEVi: A model developed to aid the design and evaluation process of cyber-security visualisation for cyber-security analysts
EEVi: A model developed to aid the design and evaluation process of cyber-security visualisation for cyber-security analysts
The area of visualisation in cyber-security is advancing quickly. At present, there are no standardised guidelines for designing and evaluating visualisations. There is limited end-user involvement in the design process, which leads to visualisations that are generic and often ineffective for cyber-security analysts. This contributes to low adoption of the resulting cyber-security visualisation solutions, highlighting a major research need. This research presents EEVi (Effective Execution of Visualisation), a model developed to aid in the design and evaluation of cyber-security visualisations for cyber-security analysts. ‘Thematic Analysis’, a qualitative data analysis technique, was used to develop EEVi. 13 experts were interviewed (seven cyber-security analysts and six visualisation designers) to validate this model. Their feedback guided revisions to the model and was subsequently used to perform statistical analyses. This demonstrated that there were no statistically significant differences between visualisation designers and cyber-security analysts. Neither was there statistically significant agreement. The individual responses led to modification of the component tasks of the model. The modified model was confirmed by 30 respondents, primarily from cyber-security, through an online questionnaire. This confirmed the model’s relevance, and validity, guiding the revision of the component tasks. The confirmed model, were used to create a work-domain analysis (abstraction hierarchy) diagram and mockups to demonstrate a possible real-world utilisation of EEVi. These were evaluated by 10 experts (five cyber-security analysts and five visualisation designers) and their feedback validated the notion that, with a common structure the disparity of understanding between cyber-security analysts and visualisation designers can be minimised. The questionnaire responses were also used to formulate a quantitative value calculator called C-EEVi (Calculator for EEVi) using the ‘Analytical Hierarchy Process’. C-EEVi can be used to score cyber-security visualisation solutions for a performed task.

This work has developed a model, EEVi, to help design cyber-security visualisations for cyber-security analysts to perform a specific task. The abstraction hierarchy diagram of EEVi provides a basis for communication between cyber-security analysts and visualisation designers. Lastly, C-EEVi evaluates cyber-security visualisation solutions for a task, by allocating them a quantitative value score. These address the major research gaps identified in this thesis.
University of Southampton
Sethi, Aneesha
d28f4d06-34fe-4b65-b816-d92ccbbff6f3
Sethi, Aneesha
d28f4d06-34fe-4b65-b816-d92ccbbff6f3
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Sethi, Aneesha (2019) EEVi: A model developed to aid the design and evaluation process of cyber-security visualisation for cyber-security analysts. University of Southampton, Doctoral Thesis, 312pp.

Record type: Thesis (Doctoral)

Abstract

The area of visualisation in cyber-security is advancing quickly. At present, there are no standardised guidelines for designing and evaluating visualisations. There is limited end-user involvement in the design process, which leads to visualisations that are generic and often ineffective for cyber-security analysts. This contributes to low adoption of the resulting cyber-security visualisation solutions, highlighting a major research need. This research presents EEVi (Effective Execution of Visualisation), a model developed to aid in the design and evaluation of cyber-security visualisations for cyber-security analysts. ‘Thematic Analysis’, a qualitative data analysis technique, was used to develop EEVi. 13 experts were interviewed (seven cyber-security analysts and six visualisation designers) to validate this model. Their feedback guided revisions to the model and was subsequently used to perform statistical analyses. This demonstrated that there were no statistically significant differences between visualisation designers and cyber-security analysts. Neither was there statistically significant agreement. The individual responses led to modification of the component tasks of the model. The modified model was confirmed by 30 respondents, primarily from cyber-security, through an online questionnaire. This confirmed the model’s relevance, and validity, guiding the revision of the component tasks. The confirmed model, were used to create a work-domain analysis (abstraction hierarchy) diagram and mockups to demonstrate a possible real-world utilisation of EEVi. These were evaluated by 10 experts (five cyber-security analysts and five visualisation designers) and their feedback validated the notion that, with a common structure the disparity of understanding between cyber-security analysts and visualisation designers can be minimised. The questionnaire responses were also used to formulate a quantitative value calculator called C-EEVi (Calculator for EEVi) using the ‘Analytical Hierarchy Process’. C-EEVi can be used to score cyber-security visualisation solutions for a performed task.

This work has developed a model, EEVi, to help design cyber-security visualisations for cyber-security analysts to perform a specific task. The abstraction hierarchy diagram of EEVi provides a basis for communication between cyber-security analysts and visualisation designers. Lastly, C-EEVi evaluates cyber-security visualisation solutions for a task, by allocating them a quantitative value score. These address the major research gaps identified in this thesis.

Text
Thesis (8) - Version of Record
Available under License University of Southampton Thesis Licence.
Download (37MB)

More information

Published date: June 2019

Identifiers

Local EPrints ID: 433529
URI: http://eprints.soton.ac.uk/id/eprint/433529
PURE UUID: f744947f-06a4-4d86-b6e8-bbc2a4d15af1
ORCID for Aneesha Sethi: ORCID iD orcid.org/0000-0002-9624-9841
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 27 Aug 2019 16:30
Last modified: 30 Jun 2020 04:01

Export record

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×