Megan Nyre-Yu (Sandia National Laboratories), Elizabeth S. Morris (Sandia National Laboratories), Blake Moss (Sandia National Laboratories), Charles Smutz (Sandia National Laboratories), Michael R. Smith (Sandia National Laboratories)

MiTechnological advances relating to artificial intelligence (AI) and explainable AI (xAI) techniques are at a stage of development that requires better understanding of operational context. AI tools are primarily viewed as black boxes and some hesitation exists in employing them due to lack of trust and transparency. xAI technologies largely aim to overcome these issues to improve operational efficiency and effectiveness of operators, speeding up the process and allowing for more consistent and informed decision making from AI outputs. Such efforts require not only robust and reliable models but also relevant and understandable explanations to end users to successfully assist in achieving user goals, reducing bias, and improving trust in AI models. Cybersecurity operations settings represent one such context in which automation is vital for maintaining cyber defenses. AI models and xAI techniques were developed to aid analysts in identifying events and making decisions about flagged events (e.g. network attack). We instrumented the tools used for cybersecurity operations to unobtrusively collect data and evaluate the effectiveness of xAI tools. During a pilot study for deployment, we found that xAI tools, while intended to increase trust and improve efficiency, were not utilized heavily, nor did they improve analyst decision accuracy. Critical lessons were learned that impact the utility and adoptability of the technology, including consideration of end users, their workflows, their environments, and their propensity to trust xAI outputs.

View More Papers

Euler: Detecting Network Lateral Movement via Scalable Temporal Graph...

Isaiah J. King (The George Washington University), H. Howie Huang (The George Washington University)

Read More

Transparency Dictionaries with Succinct Proofs of Correct Operation

Ioanna Tzialla (New York University), Abhiram Kothapalli (Carnegie Mellon University), Bryan Parno (Carnegie Mellon University), Srinath Setty (Microsoft Research)

Read More

A Lightweight IoT Cryptojacking Detection Mechanism in Heterogeneous Smart...

Ege Tekiner (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International University)

Read More

Evaluating Personal Data Control In Mobile Applications Using Heuristics

Alain Giboin (UCA, INRIA, CNRS, I3S), Karima Boudaoud (UCA, CNRS, I3S), Patrice Pena (Userthink), Yoann Bertrand (UCA, CNRS, I3S), Fabien Gandon (UCA, INRIA, CNRS, I3S)

Read More