I know my network

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

I know my network: collaboration and expertise in intrusion detection

Full text

Pdf (212 KB)

Source

Computer Supported Cooperative Work archive
Proceedings of the 2004 ACM conference on Computer supported cooperative work table of contents

Chicago, Illinois, USA

SESSION: Distilling knowledge table of contents

Pages: 342 - 345

Year of Publication: 2004

ISBN:1-58113-810-5

Authors

John R. Goodall	UMBC, Baltimore, MD
Wayne G. Lutters	UMBC, Baltimore, MD
Anita Komlodi	UMBC, Baltimore, MD

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction
ACM: Association for Computing Machinery
SIGGROUP: ACM Special Interest Group on Supporting Group Work

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 57, Citation Count: 8

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1031607.1031663 What is a DOI?

ABSTRACT

The work of intrusion detection (ID) in accomplishing network security is complex, requiring highly sought-after expertise. While limited automation exists, the role of human ID analysts remains crucial. This paper presents the results of an exploratory field study examining the role of expertise and collaboration in ID work. Through an analysis of the common and situated expertise required in ID work, our results counter basic assumptions about its individualistic character, revealing significant distributed collaboration. Current ID support tools provide no support for this collaborative problem solving. The results of this research highlight ID as an engaging CSCW work domain, one rich with organizational insights, design challenges, and practical import.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J. & Stoner, E. State of the Practice of Intrusion Detection Technologies. Tech. Report CMU/SEI-99-TR-028, 1999.
	2	Goodall, J.R., Lutters, W.G., & Komlodi, A. The work of intrusion detection: rethinking the role of security analysts. Proc. of AMCIS, (2004).
	3	Klaus Julisch , Marc Dacier, Mining intrusion detection alarms for actionable knowledge, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada [doi>10.1145/775047.775101]
	4	Anita Komlodi , John R. Goodall , Wayne G. Lutters, An Information Visualization Framework for Intrusion Detection, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria [doi>10.1145/985921.1062935]
	5	Wenke Lee , Salvatore J. Stolfo , Kui W. Mok, Adaptive Intrusion Detection: A Data Mining Approach, Artificial Intelligence Review, v.14 n.6, p.533-567, December 1, 2000 [doi>10.1023/A:1006624031083]
	6	McHugh, J. Intrusion and intrusion detection. Int'l Journal of Information Security, 1, 1 (2001). 14--35.
	7	Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, Proceedings of the 13th USENIX conference on System administration, November 07-12, 1999, Seattle, Washington
	8	Jan Steffan , Markus Schumacher, Collaborative attack modeling, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain [doi>10.1145/508791.508843]
	9	Straus, A & Corbin, J. Basics of Qualitative Research. 2nd ed. Sage Publications, Thousand Oaks, CA, 1998.
	10	Yurcik, W., Barlow, J. & Rosendale, J., Maintaining perspective on who is the enemy in the security systems administration of computer networks. ACM CHI Workshop on System Admins. Are Users, Too, (2003).

CITED BY 8

	John R. Goodall , A. Ant Ozok , Wayne G. Lutters , Penny Rheingans , Anita Komlodi, A user-centered approach to visualizing network traffic for intrusion detection, CHI '05 extended abstracts on Human factors in computing systems, April 02-07, 2005, Portland, OR, USA
	Warren Harrop , Grenville Armitage, Real-time collaborative network monitoring and control using 3D game engines for representation and interaction, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
	Warren Harrop , Grenville Armitage, Modifying first person shooter games to perform real time network monitoring and control tasks, Proceedings of 5th ACM SIGCOMM workshop on Network and system support for games, October 30-31, 2006, Singapore
	Ramona Su Thompson , Esa M. Rantanen , William Yurcik , Brian P. Bailey, Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Erika Shehan , W. Keith Edwards, Home networking and HCI: what hath god wrought?, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Rodrigo Werlinger , Kirstie Hawkey , Konstantin Beznosov, Security practitioners in context: their activities and interactions, CHI '08 extended abstracts on Human factors in computing systems, April 05-10, 2008, Florence, Italy
	Rodrigo Werlinger , Kirstie Hawkey , Kasia Muldner , Pooya Jaferian , Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	Rodrigo Werlinger , Kirstie Hawkey , David Botta , Konstantin Beznosov, Security practitioners in context: Their activities and interactions with other stakeholders within organizations, International Journal of Human-Computer Studies, v.67 n.7, p.584-606, July, 2009