{"id":"https://openalex.org/W2763567925","doi":"https://doi.org/10.1109/vizsec.2017.8062200","title":"Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design","display_name":"Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design","publication_year":2017,"publication_date":"2017-10-01","ids":{"openalex":"https://openalex.org/W2763567925","doi":"https://doi.org/10.1109/vizsec.2017.8062200","mag":"2763567925"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2017.8062200","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2017.8062200","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028118323","display_name":"Lyndsey Franklin","orcid":"https://orcid.org/0000-0002-4494-7111"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lyndsey Franklin","raw_affiliation_strings":["Pacific Northwest National Laboratory"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058228910","display_name":"Meg Pirrung","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Meg Pirrung","raw_affiliation_strings":["Pacific Northwest, National Laboratory"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest, National Laboratory","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015012334","display_name":"Leslie M. Blaha","orcid":"https://orcid.org/0000-0002-1532-3887"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Leslie Blaha","raw_affiliation_strings":["Pacific Northwest National Laboratory"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056817428","display_name":"Michelle Dowling","orcid":"https://orcid.org/0000-0002-2572-1133"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michelle Dowling","raw_affiliation_strings":["Virginia Tech"],"affiliations":[{"raw_affiliation_string":"Virginia Tech","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112562638","display_name":"Mi Feng","orcid":null},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mi Feng","raw_affiliation_strings":["Worcester Polytechnic Institute"],"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute","institution_ids":["https://openalex.org/I107077323"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5028118323"],"corresponding_institution_ids":["https://openalex.org/I142606810"],"apc_list":null,"apc_paid":null,"fwci":1.0012,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.85301004,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12607","display_name":"Personal Information Management and User Behavior","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7914330959320068},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.7333278656005859},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.604611873626709},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5993561744689941},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.5541794896125793},{"id":"https://openalex.org/keywords/data-visualization","display_name":"Data visualization","score":0.5242472290992737},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.5087886452674866},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.47059333324432373},{"id":"https://openalex.org/keywords/merge","display_name":"Merge (version control)","score":0.4667383134365082},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3148431181907654},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.21250960230827332},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17940792441368103},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.12745827436447144}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7914330959320068},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.7333278656005859},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.604611873626709},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5993561744689941},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.5541794896125793},{"id":"https://openalex.org/C172367668","wikidata":"https://www.wikidata.org/wiki/Q6504956","display_name":"Data visualization","level":3,"score":0.5242472290992737},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.5087886452674866},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.47059333324432373},{"id":"https://openalex.org/C197129107","wikidata":"https://www.wikidata.org/wiki/Q1921621","display_name":"Merge (version control)","level":2,"score":0.4667383134365082},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3148431181907654},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.21250960230827332},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17940792441368103},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.12745827436447144},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/vizsec.2017.8062200","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2017.8062200","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7099999785423279}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320338354","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1494756088","https://openalex.org/W1654306951","https://openalex.org/W1926713316","https://openalex.org/W1966335190","https://openalex.org/W1981777188","https://openalex.org/W1986111422","https://openalex.org/W2043667261","https://openalex.org/W2046333102","https://openalex.org/W2050131929","https://openalex.org/W2051877362","https://openalex.org/W2060678717","https://openalex.org/W2087449073","https://openalex.org/W2097090328","https://openalex.org/W2101911705","https://openalex.org/W2121513440","https://openalex.org/W2123521920","https://openalex.org/W2134595450","https://openalex.org/W2142263128","https://openalex.org/W2162641914","https://openalex.org/W2171022339","https://openalex.org/W2171080494","https://openalex.org/W2255638286","https://openalex.org/W2321770479","https://openalex.org/W2427513720","https://openalex.org/W2532274934","https://openalex.org/W2550670348","https://openalex.org/W2582491743","https://openalex.org/W2594028265","https://openalex.org/W2614506696","https://openalex.org/W2784723980","https://openalex.org/W2963673968","https://openalex.org/W4246793006","https://openalex.org/W4298414258","https://openalex.org/W6734855829","https://openalex.org/W6745040976"],"related_works":["https://openalex.org/W4367333290","https://openalex.org/W3149127250","https://openalex.org/W2158984754","https://openalex.org/W2080934634","https://openalex.org/W4246764483","https://openalex.org/W2126824079","https://openalex.org/W2112083262","https://openalex.org/W2143428259","https://openalex.org/W4378086562","https://openalex.org/W2013467770"],"abstract_inverted_index":{"Cyber":[0,64],"network":[1],"analysts":[2,95,116,149,190],"follow":[3],"complex":[4],"processes":[5],"in":[6,24,39,106],"their":[7,13,29,100,136],"investigations":[8],"of":[9,42,51],"potential":[10],"threats":[11],"to":[12,19,27,53,86,98,117,134,143,154,165,187],"network.":[14],"Much":[15],"research":[16],"is":[17,132],"dedicated":[18],"providing":[20],"automated":[21],"decision":[22],"support":[23,107],"the":[25,73,119,127],"effort":[26],"make":[28],"tasks":[30],"more":[31],"efficient,":[32],"accurate,":[33],"and":[34,60,78,122],"timely.":[35],"Support":[36],"tools":[37,68],"come":[38],"a":[40,167,180],"variety":[41],"implementations":[43],"from":[44],"machine":[45],"learning":[46],"algorithms":[47],"that":[48,93,170],"monitor":[49],"streams":[50],"data":[52,62,74,146],"visual":[54,175,182],"analytic":[55,120,137,176],"environments":[56],"for":[57],"exploring":[58],"rich":[59],"noisy":[61],"sets.":[63],"analysts,":[65],"however,":[66],"need":[67],"which":[69,85],"help":[70,79],"them":[71,80],"merge":[72],"they":[75],"already":[76],"have":[77],"establish":[81],"appropriate":[82],"baselines":[83],"against":[84],"compare":[87],"anomalies.":[88],"Furthermore,":[89],"existing":[90],"threat":[91,152,193],"models":[92],"cyber":[94,115,189],"regularly":[96],"use":[97],"structure":[99,135],"investigation":[101],"are":[102],"not":[103],"often":[104],"leveraged":[105],"tools.":[108,177],"We":[109,139,159,178],"report":[110],"on":[111],"our":[112,141,156],"work":[113],"with":[114,174,192],"understand":[118],"process":[121],"how":[123],"one":[124],"such":[125],"model,":[126],"MITRE":[128],"ATT&CK":[129],"Matrix":[130],"[42],":[131],"used":[133],"thinking.":[138],"present":[140],"efforts":[142],"map":[144],"specific":[145],"needed":[147],"by":[148],"into":[150],"this":[151,161],"model":[153],"inform":[155],"visualization":[157],"designs.":[158],"leverage":[160],"expert":[162],"knowledge":[163],"elicitation":[164],"identify":[166],"capability":[168],"gaps":[169],"might":[171],"be":[172],"filled":[173],"propose":[179],"prototype":[181],"analytic-supported":[183],"alert":[184],"management":[185],"workflow":[186],"aid":[188],"working":[191],"models.":[194]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}