Home

On the Design and Execution of Cyber-Security User Studies: Methodology, Challenges, and Lessons Learned

Malek Ben Salem; Salvatore Stolfo

Title:
On the Design and Execution of Cyber-Security User Studies: Methodology, Challenges, and Lessons Learned
Author(s):
Ben Salem, Malek
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Book/Journal Title:
CSET '11: 4th Workshop on Cyber Security Experimentation and Test, August 8, 2011, San Francisco, CA
Publisher:
USENIX
Abstract:
Real-world data collection poses an important challenge in the security field. Insider and masquerader attack data collection poses even a greater challenge. Very few organizations acknowledge such breaches because of liability concerns and potential implications on their market value. This caused the scarcity of real-world data sets that could be used to study insider and masquerader attacks. Moreover, user studies conducted to collect such data lack rigor in their design and execution. In this paper, we present the methodology followed to conduct a user study and build a data set for evaluating masquerade attack detection techniques. We discuss the design, technical, and procedural challenges encountered during our own masquerade data gathering project, and share some of the lessons learned from this several-year project.
Subject(s):
Computer science
Item views:
167
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use