In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012)
Title: Intrusion detection and the role of the system administrator
Author(s): Teodor Sommestad, Amund Hunstad
Keywords: intrusion detection systems, intrusion detection, system administrator, system administration
Abstract: The expertise of a system administrator is believed to be important for effective use of intrusion detection systems (IDS). This paper examines two hypotheses concerning the system administrators' ability to filter alarms produced by an IDS by comparing the performance of an IDS to the performance of a system administrator using the IDS. The comparison was made through an experiment where five computer networks are attacked during four days. The experiment shows that the system administrator significantly improves the system's Bayesian detection rate, without significantly decreasing the probability that an attack is detected. Also, an analysis is made of the types of expertise that is used when output from the intrusion detection system is processed by the administrator.
Download count: 2486
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.