Adapting level of detail in user interfaces for Cybersecurity operations

As cybersecurity threats increasingly appear in news headlines, the security industry continues to build state of the art firewall and intrusion detection systems for monitoring activities in complex cyber networks. These systems generate millions of log files and continuous alerts. In order to make sense of cyber data, cyber security and system administrators review and analyze millions of logs using highly summarized views and manual cycles of click-intensive details-on-demand. This is laborious, induces cognitive overload, and is prone to errors resulting in important information and impacts not being seen when most needed. Our research focus is on developing “FocalPoint” a system that provides Adaptive Level of Detail (LOD) in user interfaces for cybersecurity operations. FocalPoint is a recommender system tailored for complex network information structures that reasons about contextual information associated with the network, user tasks, and cognitive load. This facilitates tuning cyber visualization displays thereby improving user performance in perception, comprehension and projection of current Cybersecurity Situational Awareness (Cyber SA). For cyber analysts, having the right information, in context, when most needed without cognitive overload could lead to effective decision making in cyber operations. We provide a use case scenario for FocalPoint with an in-progress prototype and highlight various challenges and potential considerations for building an effective adaptive system.