Improving Interpretability for Cyber Vulnerability Assessment Using Focus and Context Visualizations

Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered software vulnerabilities. However, scoring systems are often opaque to operators, which makes scores difficult to interpret in the context of the...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE Symposium on Visualization for Cyber Security (VIZSEC) (Online) s. 30 - 39
Hlavní autoři: Alperin, Kenneth B., Wollaber, Allan B., Gomez, Steven R.
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.10.2020
Témata:
Computer crime
Encoding
Human-centered computing-Visualization-Visualization application domains-Information Visualization
Human-centered computing-Visualization-Visualization systems and tools-Visualization toolkits
Machine learning
Security and privacy-Systems security-Vulnerability Management
Statistics
Task analysis
Visualization
ISSN:2639-4332
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Risk scoring provides a simple and quantifiable metric for decision support in cyber security operations, including prioritizing how to address discovered software vulnerabilities. However, scoring systems are often opaque to operators, which makes scores difficult to interpret in the context of their own networks, each other, or in a broader threat landscape. This interpretability challenge is exacerbated by recent applications of artificial intelligence (AI) and machine learning (ML) for vulnerability assessment, where opaque machine reasoning can hinder domain experts' trust in the decision-support toolkit or the actionability of its outputs. In this paper, we address this challenge through a combination of visualizations and analytics that complement existing techniques for vulnerability assessment. We present a study toward designing more interpretable visual encodings for decision support for vulnerability assessment. In particular, we consider the problem of making datasets of known vulnerabilities more interpretable at multiple scales, inspired by focus and context principles from the information visualization design community. The first scale considers individually scored vulnerabilities by using an explainable AI (XAI) toolkit for an ML risk-scoring model and by developing new visualizations of CVSS score features. The second scale uses an embedding for vulnerability descriptions to cluster potentially similar vulnerabilities. We outline use cases for these tools and discuss opportunities for applying XAI concepts to cyber risk and vulnerability management.
ISSN:2639-4332
DOI:10.1109/VizSec51108.2020.00011