An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs, but recent work has recognized the need to support the security practitioners who receive the IDS alarms and investigate suspected incidents. To examine the challenges associated with deploying and maintaining an IDS, we analyzed 9 interviews with IT security practitioners who have worked with IDSs and performed participatory observations in an organization deploying a network IDS. We had three main research questions: (1) What do security practitioners expect from an IDS? (2) What difficulties do they encounter when installing and configuring an IDS? (3) How can the usability of an IDS be improved? Our analysis reveals both positive and negative perceptions that security practitioners have of IDSs, as well as several issues encountered during the initial stages of IDS deployment. In particular, practitioners found it difficult to decide where to place the IDS and how to best configure it for use within a distributed environment with multiple stakeholders. We provide recommendations for tool support to help mitigate these challenges and reduce the effort of introducing an IDS within an organization.