DocumentCode
1706881
Title
Improving intrusion detection systems through heuristic evaluation
Author
Zhou, Andrew T. ; Blustein, James ; Zincir-Heywood, Nur
Author_Institution
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Volume
3
fYear
2004
Firstpage
1641
Abstract
This work is a report on efforts to improve the usability of intrusion detection systems. Specifically, we first conducted a worldwide survey of system administrators from different countries and economic sectors to understand the state of practice in security management with a particular focus on intrusion detection systems (IDS). Then, based on these survey results and in-depth interviews, we developed new heuristics to measure the effectiveness and efficiency of IDS. The comparison of our refined heuristics and Nielsen's general heuristics on Snort, Snortsnarf and our proposed interface shows that evaluators using our heuristics find significantly (p<0.0002) more of the problems. Also, evaluations with both sets find fewer problems in our interface than in Snort or Snortsnarf.
Keywords
computer network management; telecommunication security; user interfaces; IDS; Snort; Snortsnarf; heuristic evaluation; interface; intrusion detection systems; security management; system administrators; usability; Computer network management; Computer science; Computer security; Computerized monitoring; Humans; Inspection; Intrusion detection; Man machine systems; Usability; User interfaces;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering, 2004. Canadian Conference on
ISSN
0840-7789
Print_ISBN
0-7803-8253-6
Type
conf
DOI
10.1109/CCECE.2004.1349725
Filename
1349725