Effective cyber threat recognition and prevention demand comprehensible forecasting systems, as prior approaches commonly offer limited and, ultimately, unconvincing information. We introduce Simplified Plaintext Language (SPLAIN), a natural language generator that converts warning data into user-friendly cyber threat explanations. SPLAIN is designed to generate clear, actionable outputs, incorporating hierarchically organized explanatory details about input data and system functionality. Given the inputs of individual sensor-induced forecasting signals and an overall warning from a fusion module, SPLAIN queries each signal for information on contributing sensors and data signals. This collected data is processed into a coherent English explanation, encompassing forecasting, sensing, and data elements for user review. SPLAIN's template-based approach ensures consistent warning structure and vocabulary. SPLAIN's hierarchical output structure allows each threat and its components to be expanded to reveal underlying explanations on demand. Our conclusions emphasize the need for designers to specify the "how" and "why" behind cyber warnings, advocate for simple structured templates in generating consistent explanations, and recognize that direct causal links in Machine Learning approaches may not always be identifiable, requiring some explanations to focus on general methodologies, such as model and training data.
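The pipeline described above (fused warning, contributing signals, underlying sensors, rendered from fixed templates into an expandable hierarchy) can be sketched as follows. This is an added example, not SPLAIN's own code: the template wording, field names and sample values are all constructed assumptions.

```python
# Added illustration: templates, field names and sample data are constructed,
# not taken from SPLAIN.
from dataclasses import dataclass, field

@dataclass
class Node:
    text: str
    children: list = field(default_factory=list)

    def render(self, depth=None, level=0):
        """Return indented lines; depth caps how many levels are expanded."""
        lines = ["  " * level + self.text]
        if depth is None or level < depth:
            for child in self.children:
                lines += child.render(depth, level + 1)
        return lines

# Fixed templates keep structure and vocabulary identical across warnings.
WARNING_T = "Warning: {threat} against {target} is forecast with {conf:.0%} confidence."
SIGNAL_T = "Signal '{name}' contributed because {reason}."
SENSOR_T = "Sensor '{sensor}' observed {observation}."
# Fallback when an ML signal has no identifiable direct cause:
# explain the method (model and training data) instead.
MODEL_T = ("Signal '{name}' comes from a {model} model trained on {training}; "
           "no direct cause can be stated.")

def explain(warning, signals):
    """Build the warning -> signal -> sensor explanation tree."""
    root = Node(WARNING_T.format(**warning))
    for s in signals:
        if s.get("reason"):
            node = Node(SIGNAL_T.format(name=s["name"], reason=s["reason"]))
        else:
            node = Node(MODEL_T.format(name=s["name"], model=s["model"],
                                       training=s["training"]))
        node.children = [Node(SENSOR_T.format(**d)) for d in s.get("sensors", [])]
        root.children.append(node)
    return root

# Constructed sample input: one rule-based signal, one ML signal.
WARNING = {"threat": "phishing", "target": "the finance department", "conf": 0.82}
SIGNALS = [
    {"name": "lookalike-domains", "reason": "new lookalike domains were registered",
     "sensors": [{"sensor": "dns-feed", "observation": "14 new registrations"},
                 {"sensor": "cert-log", "observation": "3 matching certificates"}]},
    {"name": "mail-volume", "model": "gradient-boosted",
     "training": "12 months of mail gateway logs",
     "sensors": [{"sensor": "mail-gateway", "observation": "a rise in external senders"}]},
]

if __name__ == "__main__":
    print("\n".join(explain(WARNING, SIGNALS).render()))
```

Calling `render(depth=0)` returns only the top-level warning, and larger `depth` values expand signals and then sensors, which mirrors the on-demand expansion the abstract describes.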