Article

I know my network: collaboration and expertise in intrusion detection

Authors:

John R. Goodall,

Wayne G. Lutters,

Anita KomlodiAuthors Info & Claims

CSCW '04: Proceedings of the 2004 ACM conference on Computer supported cooperative work

Pages 342 - 345

https://doi.org/10.1145/1031607.1031663

Published: 06 November 2004 Publication History

Get Access

Abstract

The work of intrusion detection (ID) in accomplishing network security is complex, requiring highly sought-after expertise. While limited automation exists, the role of human ID analysts remains crucial. This paper presents the results of an exploratory field study examining the role of expertise and collaboration in ID work. Through an analysis of the common and situated expertise required in ID work, our results counter basic assumptions about its individualistic character, revealing significant distributed collaboration. Current ID support tools provide no support for this collaborative problem solving. The results of this research highlight ID as an engaging CSCW work domain, one rich with organizational insights, design challenges, and practical import.

References

[1]

Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J. & Stoner, E. State of the Practice of Intrusion Detection Technologies. Tech. Report CMU/SEI-99-TR-028, 1999.

Google Scholar

[2]

Goodall, J.R., Lutters, W.G., & Komlodi, A. The work of intrusion detection: rethinking the role of security analysts. Proc. of AMCIS, (2004).

Google Scholar

[3]

Julisch, K. & Dacier, M. Mining intrusion detection alarms for actionable knowledge. Proc. of ACM Conf. on Knowledge Discov. and Data Mining, (2002), 366--375.

Digital Library

Google Scholar

[4]

Komlodi, A., Goodall, J.R. & Lutters, W.G. An information visualization framework for intrusion detection. Proc. of ACM CHI, (2004).

Digital Library

Google Scholar

[5]

Lee, W., Stolfo, S.J. & Mok, K.W. Adaptive intrusion detection: a data mining approach. Artificial Intelligence Review, 14, 6 (2000). 533--567.

Digital Library

Google Scholar

[6]

McHugh, J. Intrusion and intrusion detection. Int'l Journal of Information Security, 1, 1 (2001). 14--35.

Digital Library

Google Scholar

[7]

Roesch, M., Snort - lightweight intrusion detection for networks. Proc. of LISA, (1999), 229--238.

Digital Library

Google Scholar

[8]

Steffan, J. & Schumacher, M. Collaborative attack modeling. Proc. of ACM Symposium on Applied Computing, (2002), 253--259.

Digital Library

Google Scholar

[9]

Straus, A & Corbin, J. Basics of Qualitative Research. 2nd ed. Sage Publications, Thousand Oaks, CA, 1998.

Google Scholar

[10]

Yurcik, W., Barlow, J. & Rosendale, J., Maintaining perspective on who is the enemy in the security systems administration of computer networks. ACM CHI Workshop on System Admins. Are Users, Too, (2003).

Google Scholar

Cited By

View all

Mathew A(2024)Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident ManagementScience, Technology, & Human Values10.1177/01622439241240411Online publication date: 9-Apr-2024
https://doi.org/10.1177/01622439241240411
Lelievre ADe la Garza CBenchekroun T(2024)A framework to study cyber expert's activities. First stepsProceedings of the European Conference on Cognitive Ergonomics 202410.1145/3673805.3673839(1-5)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3673805.3673839
Schiele NEgberts JGadyatskaya O(2024)Nobody Knows the Risks I Have Seen: Evaluating the Gap Between Risk Analysis and Security Operations2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00059(473-483)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00059
Show More Cited By

Index Terms

I know my network: collaboration and expertise in intrusion detection
1. Human-centered computing
  1. Collaborative and social computing
    1. Collaborative and social computing theory, concepts and paradigms
      1. Computer supported cooperative work
2. Social and professional topics
  1. Professional topics
    1. Computing and business
      1. Computer supported cooperative work

Recommendations

Preventing the Mistraining of Anomaly-Based IDSs through Ensemble Systems
SERVICES '14: Proceedings of the 2014 IEEE World Congress on Services

The security of cloud networks is heavily contingent upon their ability to detect incoming attacks. An Intrusion Detection System (IDS) monitors a network for precisely this purpose. IDSs fall into one of two categories: signature-based and anomaly-...
Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Malicious network traffic, including widespread worm activity, is a growing threat to internet-connected networks and hosts. In this paper, we consider both syntax and semantics based approaches for dynamic network intrusion detection. The semantics-...
Evaluating the survivability of Intrusion Tolerant Database systems and the impact of intrusion detection deficiencies

The immaturity of current intrusion detection techniques limits traditional security mechanisms in surviving malicious attacks. Intrusion tolerance approaches have emerged to overcome these limitations. However, to what extent an intrusion tolerant ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CSCW '04: Proceedings of the 2004 ACM conference on Computer supported cooperative work

November 2004

644 pages

ISBN:1581138105

DOI:10.1145/1031607

General Chairs:
Jim Herbsleb
Carnegie Mellon University, USA
,
Gary Olson
University of Michigan, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CSCW04

Sponsor:

CSCW04: Computer Supported Cooperative Work

November 6 - 10, 2004

Illinois, Chicago, USA

Acceptance Rates

CSCW '04 Paper Acceptance Rate 53 of 176 submissions, 30%;

Overall Acceptance Rate 2,235 of 8,521 submissions, 26%

Upcoming Conference

CSCW '25

Sponsor:
sigchi

Computer-Supported Cooperative Work and Social Computing

October 18 - 22, 2025

Bergen , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
1,033
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mathew A(2024)Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident ManagementScience, Technology, & Human Values10.1177/01622439241240411Online publication date: 9-Apr-2024
https://doi.org/10.1177/01622439241240411
Lelievre ADe la Garza CBenchekroun T(2024)A framework to study cyber expert's activities. First stepsProceedings of the European Conference on Cognitive Ergonomics 202410.1145/3673805.3673839(1-5)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3673805.3673839
Schiele NEgberts JGadyatskaya O(2024)Nobody Knows the Risks I Have Seen: Evaluating the Gap Between Risk Analysis and Security Operations2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00059(473-483)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00059
DeValk KElmqvist N(2023)Riverside: A design study on visualization for situation awareness in cybersecurityInformation Visualization10.1177/1473871623118922023:1(40-66)Online publication date: 17-Aug-2023
https://doi.org/10.1177/14738716231189220
Shah AGanesan RJajodia SCam HHutchinson S(2023)A Novel Team Formation Framework Based on Performance in a Cybersecurity Operations CenterIEEE Transactions on Services Computing10.1109/TSC.2023.325330716:4(2359-2371)Online publication date: 1-Jul-2023
https://doi.org/10.1109/TSC.2023.3253307
Mink JBenkraouda HYang LCiptadi AAhmadzadeh AVotipka DWang G(2023)Everybody’s Got ML, Tell Me What Else You Have: Practitioners’ Perception of ML-Based Security Tools and Explanations2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179321(2068-2085)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179321
Da Silva JJensen R(2022)"Cyber security is a dark art": The CISO as SoothsayerProceedings of the ACM on Human-Computer Interaction10.1145/35550906:CSCW2(1-31)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3555090
Varga SSommestad TBrynielsson J(2022)Automation of Cybersecurity WorkArtificial Intelligence and Cybersecurity10.1007/978-3-031-15030-2_4(67-101)Online publication date: 1-Aug-2022
https://doi.org/10.1007/978-3-031-15030-2_4
Haney JJacobs JBarrientos FFurman S(2022)Lessons Learned and Suitability of Focus Groups in Security Information Workers ResearchHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-05563-8_10(135-153)Online publication date: 16-Jun-2022
https://doi.org/10.1007/978-3-031-05563-8_10
Rajivan PCooke N(2021)Modeling Information Pooling Bias in Incident Response Teams: An Agent Based Modeling ApproachProceedings of the Human Factors and Ergonomics Society Annual Meeting10.1177/107118132064109864:1(436-440)Online publication date: 9-Feb-2021
https://doi.org/10.1177/1071181320641098
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Preventing the Mistraining of Anomaly-Based IDSs through Ensemble Systems

Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Evaluating the survivability of Intrusion Tolerant Database systems and the impact of intrusion detection deficiencies

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations