Intrusion detection and the role of the system administrator-Reference-Cited by-同舟云学术

Intrusion detection and the role of the system administrator

Published:2013-03-15 Issue:1 Volume:21 Page:30-40
ISSN:0968-5227
Container-title:Information Management & Computer Security
language:en
Short-container-title:

Author:

Sommestad Teodor,Hunstad Amund

Abstract

PurposeThe expertise of a system administrator is believed to be important for effective use of intrusion detection systems (IDS). This paper examines two hypotheses concerning the system administrators' ability to filter alarms produced by an IDS by comparing the performance of an IDS to the performance of a system administrator using the IDS.Design/methodology/approachAn experiment was constructed where five computer networks are attacked during four days. The experiment assessed difference made between the output of a system administrator using an IDS and the output of the IDS alone. The administrator's analysis process was also investigated through interviews.FindingsThe experiment shows that the system administrator analysing the output from the IDS significantly improves the portion of alarms corresponding to attacks, without decreasing the probability that an attack is detected significantly. In addition, an analysis is made of the types of expertise that is used when output from the IDS is processed by the administrator.Originality/valuePrevious work, based on interviews with system administrators, has suggested that competent system administrators are important in order to achieve effective IDS solutions. This paper presents a quantitative test of the value system administrators add to the intrusion detection solution.

Publisher

Emerald

Subject

Library and Information Sciences,Management Science and Operations Research,Business and International Management,Management Information Systems

Reference16 articles.

1. Axelsson, S. (2000), “The base‐rate fallacy and the difficulty of intrusion detection”, ACM Transactions on Information and System Security, Vol. 3 No. 3, pp. 186‐205.

2. Biermann, E. (2001), “A comparison of intrusion detection systems”, Computers & Security, Vol. 20 No. 8, pp. 676‐83.

3. Branlat, M. (2011), Challenges to Adversarial Interplay Under High Uncertainty: Staged‐World Study of a Cyber Security Event, The Ohio State University, Columbus, OH.

4. Fisher, R.A. (1922), “On the interpretation of chi‐square from contingency tables, and the calculation of P”, Journal of the Royal Statistical Society, Vol. 85 No. 1, pp. 87‐94.

5. Goodall, J.R., Lutters, W.G. and Komlodi, A. (2004), “I know my network: collaboration and expertise in intrusion detection”, Proceedings of the 2004 ACM Conference on Computer Supported Cooperative Work, ACM, pp. 342‐5.

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Can LLMs Understand Computer Networks? Towards a Virtual System Administrator;2024 IEEE 49th Conference on Local Computer Networks (LCN);2024-10-08

2. Automation of Cybersecurity Work;Artificial Intelligence and Cybersecurity;2022-08-01

3. Machine Learning Methods for Enhanced Cyber Security Intrusion Detection System;Advances in Computing, Informatics, Networking and Cybersecurity;2022

4. Cyber situational awareness issues and challenges;Cybersecurity and Cognitive Science;2022

5. Variables influencing the effectiveness of signature-based network intrusion detection systems;Information Security Journal: A Global Perspective;2021-09-20