A Survey on Immersive Cyber Situational Awareness Systems

Cyber situational awareness systems are increasingly used for creating cyber common operating pictures for cybersecurity analysis and education. However, these systems face data occlusion and convolution issues due to the burgeoning complexity, dimensionality, and heterogeneity of cybersecurity data, which damages cyber situational awareness of end-users. Moreover, conventional forms of human–computer interactions, such as mouse and keyboard, increase the mental effort and cognitive load of cybersecurity practitioners when analyzing cyber situations of large-scale infrastructures. Therefore, immersive technologies, such as virtual reality, augmented reality, and mixed reality, are employed in the cybersecurity realm to create intuitive, engaging, and interactive cyber common operating pictures. Immersive cyber situational awareness (ICSA) systems provide several unique visualization techniques and interaction features for the perception, comprehension, and projection of cyber situational awareness. However, there has been no attempt to comprehensively investigate and classify the existing state of the art in the use of immersive technologies for cyber situational awareness. Therefore, in this paper, we have gathered, analyzed, and synthesized the existing body of knowledge on ICSA systems. In particular, our survey has identified visualization and interaction techniques, evaluation mechanisms, and different levels of cyber situational awareness (i.e., perception, comprehension, and projection) for ICSA systems. Consequently, our survey has enabled us to propose (i) a reference framework for designing and analyzing ICSA systems by mapping immersive visualization and interaction techniques to the different levels of ICSA; (ii) future research directions for advancing the state of the art on ICSA systems; and (iii) an in-depth analysis of the industrial implications of ICSA systems to enhance cybersecurity operations.