
Cognitive Process

Chapter in the book Cyber Defense and Situational Awareness

Part of the book series: Advances in Information Security (ADIS, volume 62)

Abstract

The previous chapter showed that our understanding of the cognitive reasoning process of cyber analysts is rather limited. Here, we focus on ways to close this knowledge gap. This chapter starts by summarizing the current understanding of the cognitive processes of cyber analysts, based on the results of previous cognitive task analyses. It also discusses the challenges and the importance of capturing “fine-grained” cognitive reasoning processes. The chapter then illustrates approaches to overcoming these challenges by presenting a framework for non-intrusive capture and systematic analysis of the cognitive reasoning process of cyber analysts. The framework includes a conceptual model and practical means for non-intrusively capturing a cognitive trace of cyber analysts and for extracting their reasoning process by analyzing that trace. The framework can be used to conduct experiments for extracting cognitive reasoning processes from professional network analysts. When cognitive traces are available, their characteristics can be analyzed and compared with the performance of the analysts.




Correspondence to John Yen.


© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Yen, J., Erbacher, R.F., Zhong, C., Liu, P. (2014). Cognitive Process. In: Kott, A., Wang, C., Erbacher, R. (eds) Cyber Defense and Situational Awareness. Advances in Information Security, vol 62. Springer, Cham. https://doi.org/10.1007/978-3-319-11391-3_7


  • DOI: https://doi.org/10.1007/978-3-319-11391-3_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11390-6

  • Online ISBN: 978-3-319-11391-3

  • eBook Packages: Computer Science (R0)
