Concern level assessment: Building domain knowledge into a visual system to support network-security situation awareness

Information officers and network administrators require tools to help them achieve situation awareness about potential network threats. We describe a response to mini-challenge 1 of the 2012 IEEE Visual Analytics Science and Technology challenge in which we developed a visual analytic solution to a network-security situation awareness problem. To support conceptual design, we conducted a series of knowledge elicitation sessions with domain experts. These provided an understanding of the information they needed to make situation awareness judgements as well as a characterisation of those judgements in the form of production rules, which define a parameter we called the 'concern level assessment'. The concern level assessment was used to provide heuristic guidance within a visual analytic system called Middlesex Spatial Interactive Visualisation Environment. An analysis of Visual Analytics Science and Technology challenge assessment sessions using Middlesex Spatial Interactive Visualisation Environment provides some evidence that intelligent heuristics like these can provide useful guidance without unduly dominating interaction and understanding.