Title :
Improving intrusion detection systems through heuristic evaluation
Author :
Zhou, Andrew T. ; Blustein, James ; Zincir-Heywood, Nur
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
This work is a report on efforts to improve the usability of intrusion detection systems. Specifically, we first conducted a worldwide survey of system administrators from different countries and economic sectors to understand the state of practice in security management with a particular focus on intrusion detection systems (IDS). Then, based on these survey results and in-depth interviews, we developed new heuristics to measure the effectiveness and efficiency of IDS. The comparison of our refined heuristics and Nielsen's general heuristics on Snort, Snortsnarf and our proposed interface shows that evaluators using our heuristics find significantly (p<0.0002) more of the problems. Also, evaluations with both sets find fewer problems in our interface than in Snort or Snortsnarf.
Keywords :
computer network management; telecommunication security; user interfaces; IDS; Snort; Snortsnarf; heuristic evaluation; interface; intrusion detection systems; security management; system administrators; usability; Computer network management; Computer science; Computer security; Computerized monitoring; Humans; Inspection; Intrusion detection; Man machine systems; Usability; User interfaces;
Conference_Title :
Electrical and Computer Engineering, 2004. Canadian Conference on
Print_ISBN :
0-7803-8253-6
DOI :
10.1109/CCECE.2004.1349725