Assessing the challenges of Intrusion Detection Systems
Ibrahim T, Furnell SM, Papadaki M, Clarke NL
Proceedings of the 7th Security Conference, Las Vegas, USA, 2nd-3rd June, 2008
Intrusion Detection Systems (IDS) are a commonly recognised element of the Internet security arsenal, regularly considered alongside firewalls and anti-virus as options for protecting networked systems. However, despite their widespread availability, the actual deployment and use of IDS is considerably lower than that of these other technologies, suggesting that practical factors are potentially constraining their adoption. This paper seeks to investigate this issue further, drawing upon prior literature to identify the range of challenges that may be posed by IDS, and then mounting a survey to determine their relative significance. A web-based questionnaire was used to solicit information and opinion from IDS users and other IDS-aware respondents. A total of 41 responses were obtained, which (although limited) was sufficient to reveal a notable finding in the overall response. Specifically, while the received wisdom suggests that the most pressing challenge of IDS is the volume of false positives, the survey results indicated that a number of human-related aspects (relating to understanding, skills and ability to correlate information) were actually more prominent problems.

