The Enhanced Security in Process System - Evaluating Knowledge Assistance

Anna-Pia Lohfink, Vera Marie Memmesheimer, Frederike Gartzky, Christoph Garth

View presentation: 2021-10-24T13:25:00Z

Direct link to video on YouTube: https://youtu.be/Z2l2-n8sURo

Abstract

We present evaluation results of our enhancements to the Security in Process System developed by Lohfink et al. to support triage analysis in operational technology networks. To ensure fast and appropriate reactions to anomalies in device readings, this system communicates anomaly detection results and device readings to incorporate human expertise and experience. It exploits periodic behavior in the data by combining spiral plots with results from anomaly detection. To support decisions, increase trust, and support cooperation in the system, we enhanced it to be knowledge-assisted. A central knowledge base allows users to share knowledge and provides support during analysis. It consists of an ontology describing incidents and a database holding collections of exemplary sensor readings with annotations and visualization parameters. Related knowledge is proposed automatically and incorporated directly in the visualization to provide assistance that is closely coupled to the application, without additional hurdles. This integration is designed to provide additional support for correct and fast detection of anomalies in the visualized device readings. We evaluate our enhancements to the Security in Process System in terms of effectiveness, efficiency, user satisfaction, and cognitive load with a detailed user study. Comparing the original and enhanced system, we are able to draw conclusions as to how our design narrows the knowledge gap between experts and laymen. Furthermore, we present and discuss the results and their impact on our future research.