How to use experience in cyber analysis: An analytical reasoning support system

Cyber analysis is a difficult task for analysts due to huge amounts of noise-abundant monitoring data and increasing complexity of the reasoning tasks. Therefore, experience from experts can provide guidance for analysts' analytical reasoning and contribute to training. Despite its great potential benefits, experience has not been effectively leveraged in the existing reasoning support systems due to the difficulty of elicitation and reuse. To fill the gap, we propose an experience-aided reasoning support system which can automatically capture experts' experi-ence and subsequently guide the novices' reasoning in a step-by-step manner. Drawing on cognitive theory, we model experience as a reasoning process involving "actions", "observations", and "hypotheses". Computability and adaptability are the compar-ative advantages of this model: the "hypotheses" capture analysts' internal mental reasoning as a black box, while the "actions" and "observations" formally representing the external context and analysts' evidence exploration activities. This paper demonstrates how this system, built on this experience model, can capture and utilize experience effectively.