
Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method

  • Conference paper
Advances in Information Security and Assurance (ISA 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5576))


Abstract

The Intrusion Detection (ID) specific intended use evaluation method is a rare and much-needed kind of usability study in the ID field. It investigates only the most important or most frequently faced activities, which are identified through field studies, surveys, interviews, and other previously conducted research. This research effort aims to capture ID analysts’ first-order needs and to tailor the evaluation criteria to those needs. The goal of the evaluation is to learn the potential strengths and limitations of Intrusion Detection Systems (IDSs) with respect to these needs. This paper presents detailed descriptions of the evaluation methodology, its procedures, and the rationale behind each criterion. It considers all aspects of ID work, including analysts’ daily routines, monitoring tasks, and the corresponding activities.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, A. (2009). Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method. In: Park, J.H., Chen, H.H., Atiquzzaman, M., Lee, C., Kim, T.H., Yeo, S.S. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_79


  • DOI: https://doi.org/10.1007/978-3-642-02617-1_79

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02616-4

  • Online ISBN: 978-3-642-02617-1
