供稿： 本站 责任编辑： 刘艳梅 发布时间： 2017-12-19 阅读：
摘要：As the network monitoring data are usually generated at a rapid speed and contain a lot of noises, cyber security analysts are so far bounded by tedious and repetitive data triage tasks that they can hardly concentrate on in-depth analysis to generate timely and quality incident reports. These difficulties result in a great disparity in force between overwhelmed cyber security analysts and aggressive attackers. Therefore, there is an urgent need to liberate cyber security analysts from the tedious data analytics to focus on the higher-level cyber situational awareness. Aimed at reducing the analysts’ workloads, I proposed an approach to capturing and leveraging analysts’ previous cognitive processes of data triage. An interactive toolkit, named ARSCA, has been developed as a specific realization of the tracing method. The analysts’ experience knowledge implied by the collected traces were further utilized to construct an automated data triage systems to reduce the analysts’ workload. In conclusion, an initial step had been taken towards leveraging human analysts’ previous cognitive processes to facilitate data triage. Its contribution lies in three aspects. The study shows that the proposed tracing method realizes the possibility of tracing human analysts’ cognitive processes in a less intrusive manner while analysts are performing cyber security analytics tasks. Besides, the automated data triage system has been shown to be able to construct useful data triage rules from the collected traces to conduct automated data triage operations for analysts in an effective manner.