Improving Interpretability for Cyber Vulnerability Assessment Using Focus and Context Visualizations

Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered software vulnerabilities. However, scoring systems are often opaque to operators, which makes scores difficult to interpret in the context of the...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE Symposium on Visualization for Cyber Security (VIZSEC) (Online) S. 30 - 39
Hauptverfasser: Alperin, Kenneth B., Wollaber, Allan B., Gomez, Steven R.
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.10.2020
Schlagworte:
Computer crime
Encoding
Human-centered computing-Visualization-Visualization application domains-Information Visualization
Human-centered computing-Visualization-Visualization systems and tools-Visualization toolkits
Machine learning
Security and privacy-Systems security-Vulnerability Management
Statistics
Task analysis
Visualization
ISSN:2639-4332
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Abstract Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered software vulnerabilities. However, scoring systems are often opaque to operators, which makes scores difficult to interpret in the context of their own networks, each other, or in a broader threat landscape. This interpretability challenge is exacerbated by recent applications of artificial intelligence (AI) and machine learning (ML) for vulnerability assessment, where opaque machine reasoning can hinder domain experts' trust in the decision-support toolkit or the actionability of its outputs. In this paper, we address this challenge through a combination of visualizations and analytics that complement existing techniques for vulnerability assessment. We present a study toward designing more interpretable visual encodings for decision support for vulnerability assessment. In particular, we consider the problem of making datasets of known vulnerabilities more interpretable at multiple scales, inspired by focus and context principles from the information visualization design community. The first scale considers individually scored vulnerabilities by using an explainable AI (XAI) toolkit for an ML risk-scoring model and by developing new visualizations of CVSS score features. The second scale uses an embedding for vulnerability descriptions to cluster potentially similar vulnerabilities. We outline use cases for these tools and discuss opportunities for applying XAI concepts to cyber risk and vulnerability management.
AbstractList Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered software vulnerabilities. However, scoring systems are often opaque to operators, which makes scores difficult to interpret in the context of their own networks, each other, or in a broader threat landscape. This interpretability challenge is exacerbated by recent applications of artificial intelligence (AI) and machine learning (ML) for vulnerability assessment, where opaque machine reasoning can hinder domain experts' trust in the decision-support toolkit or the actionability of its outputs. In this paper, we address this challenge through a combination of visualizations and analytics that complement existing techniques for vulnerability assessment. We present a study toward designing more interpretable visual encodings for decision support for vulnerability assessment. In particular, we consider the problem of making datasets of known vulnerabilities more interpretable at multiple scales, inspired by focus and context principles from the information visualization design community. The first scale considers individually scored vulnerabilities by using an explainable AI (XAI) toolkit for an ML risk-scoring model and by developing new visualizations of CVSS score features. The second scale uses an embedding for vulnerability descriptions to cluster potentially similar vulnerabilities. We outline use cases for these tools and discuss opportunities for applying XAI concepts to cyber risk and vulnerability management.
Author Wollaber, Allan B.
Gomez, Steven R.
Alperin, Kenneth B.
Author_xml – sequence: 1
  givenname: Kenneth B.
  surname: Alperin
  fullname: Alperin, Kenneth B.
  email: Kenneth.Alperin@ll.mit.edu
  organization: Massachusetts Institute of Technology
– sequence: 2
  givenname: Allan B.
  surname: Wollaber
  fullname: Wollaber, Allan B.
  email: Allan.Wollaber@ll.mit.edu
  organization: Massachusetts Institute of Technology
– sequence: 3
  givenname: Steven R.
  surname: Gomez
  fullname: Gomez, Steven R.
  email: Steven.Gomez@ll.mit.edu
  organization: Massachusetts Institute of Technology
BookMark eNo1T8FKAzEUjKJgW_sFguQHtuYlu01yLIvVguBBW7yVbPatRLbZkqRi-_VG1NMMw8wwMyYXfvBIyC2wGQDTdxt3ekFbZa5mnHE2Y4wBnJExSK5A8Tl_OycjPhe6KIXgV2Qa40f2CM5ETo1Iu9rtw_Dp_Dtd-YRhHzCZxvUuHWk3BFofGwx0c-g9hn99ESPGuEOf6Dr-JJeDPURqfEvrIZd8Jbpx8WB6dzLJDT5ek8vO9BGnfzgh6-X9a_1YPD0_rOrFU-HynFTwBlBBx7TtWqOkkZVGZmw-1yhlpAVhwXTATNUy3cpSm7nFDFLLhvOqEhNy89vrEHG7D25nwnGrRSlLEOIbJT9bdg
CODEN IEEPAD
ContentType Conference Proceeding
DBID 6IE
6IL
CBEJK
RIE
RIL
DOI 10.1109/VizSec51108.2020.00011
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Xplore POP ALL
IEEE Xplore All Conference Proceedings
IEEE Electronic Library (IEL)
IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Statistics
Computer Science
EISBN 172818262X
9781728182629
EISSN 2639-4332
EndPage 39
ExternalDocumentID 9347413
Genre orig-research
GrantInformation_xml – fundername: United States Air Force
  funderid: 10.13039/100006831
GroupedDBID 6IE
6IF
6IL
6IN
AAJGR
AAWTH
ABLEC
ADZIZ
ALMA_UNASSIGNED_HOLDINGS
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CBEJK
CHZPO
IEGSK
OCL
RIE
RIL
ID FETCH-LOGICAL-i203t-2b1e81f09cfda87a759e0ac110b88a7c13c1af10a5d09d749a6ce749797b22553
IEDL.DBID RIE
ISICitedReferencesCount 14
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000657259100005&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
IngestDate Wed Aug 27 05:48:34 EDT 2025
IsPeerReviewed false
IsScholarly true
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-i203t-2b1e81f09cfda87a759e0ac110b88a7c13c1af10a5d09d749a6ce749797b22553
PageCount 10
ParticipantIDs ieee_primary_9347413
PublicationCentury 2000
PublicationDate 2020-Oct.
PublicationDateYYYYMMDD 2020-10-01
PublicationDate_xml – month: 10
  year: 2020
  text: 2020-Oct.
PublicationDecade 2020
PublicationTitle IEEE Symposium on Visualization for Cyber Security (VIZSEC) (Online)
PublicationTitleAbbrev VIZSEC
PublicationYear 2020
Publisher IEEE
Publisher_xml – name: IEEE
SSID ssj0003203511
Score 2.2132366
Snippet Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered...
SourceID ieee
SourceType Publisher
StartPage 30
SubjectTerms Computer crime
Encoding
Human-centered computing-Visualization-Visualization application domains-Information Visualization
Human-centered computing-Visualization-Visualization systems and tools-Visualization toolkits
Machine learning
Security and privacy-Systems security-Vulnerability Management
Statistics
Task analysis
Visualization
Title Improving Interpretability for Cyber Vulnerability Assessment Using Focus and Context Visualizations
URI https://ieeexplore.ieee.org/document/9347413
WOSCitedRecordID wos000657259100005&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV09a8MwED2S0CFT2iSl32joWDeWZUfSWEJDpxBoG7IFWSdBoDglH6Xpr68ku06HLp0shI3ME-J0d-_dAdzKLBcqEeicHOXTjCKNpLQ6cu9bO0TrjCCGZhN8MhHzuZw24K7WwhhjAvnM3PthyOXjSu98qGwgWeoMIGtCk_NhqdWq4yksCTmxSgRMYzmYLb-ejc48z935gYmncMW-UdCvLirBiIw7_1v-GPoHNR6Z1nbmBBqm6ELnpx0DqU5nF9r-4ljWXe4B1tECcuAVBiLsnrh7Khntc_ftbPfmq05X8w91lU4SmARk7P5pQ1SBJBSx-tyS2XLjVZiVdrMPr-PHl9FTVHVUiJYOnm2U5NQIamOpLSrBFc-kiZV2EOVCKK4p01RZGqsMY4k8lWqojXtwyXN38DN2Cq1iVZgzIFxohowbpBRTilyoNEWhMonCO0XJOfQ8gov3smjGogLv4u_pS2j7LSpZclfQ2q535hqO9IeDbX0TdvobS_Ws0g
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NSwMxEB1qFeyp2lb8NgePrt3sJk1yFLFUrKVgLb2VbJKFgmylH2L99SbZdevBi6eEsAthQpjMzHvzAK4FTbiMuLZBjnRlRk4CIVIV2O_TtKNT6wS1F5tggwGfTMSwAjclF8YY48Fn5tZNfS1fz9XapcraIibWAcY7sEsJicKcrVVmVOLIV8UKGjAORXs8-3oxijqku40EIwfiCp1U0C8dFe9GuvX_beAAWls-HhqWnuYQKiZrQP1HkAEV97MBNfd0zDsvN0GX-QK0RRZ6KOwG2Zcqut8k9t_x-s31nS7W78o-nchjCVDX7mmJZKaRb2P1uULj2dLxMAv2Zgteuw-j-15QaCoEM2ueVRAl2HCchkKlWnImGRUmlMqaKOFcMoVjhWWKQ0l1KDQjQnaUsQMTLLFXn8ZHUM3mmTkGxLiKdcyMxlgTrBmXhGguqdDchUXRCTSdBafveduMaWG807-Xr2C_N3ruT_uPg6czqLnjyjFz51BdLdbmAvbUhzXh4tKf-jdz4LAZ
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=IEEE+Symposium+on+Visualization+for+Cyber+Security+%28VIZSEC%29+%28Online%29&rft.atitle=Improving+Interpretability+for+Cyber+Vulnerability+Assessment+Using+Focus+and+Context+Visualizations&rft.au=Alperin%2C+Kenneth+B.&rft.au=Wollaber%2C+Allan+B.&rft.au=Gomez%2C+Steven+R.&rft.date=2020-10-01&rft.pub=IEEE&rft.eissn=2639-4332&rft.spage=30&rft.epage=39&rft_id=info:doi/10.1109%2FVizSec51108.2020.00011&rft.externalDocID=9347413