A Controlled Experiment on the Impact of Intrusion Detection False Alarm Rate on Analyst Performance
share
Organizations use intrusion detection systems (IDSes) to identify harmful activity among millions of computer network events. Cybersecurity analysts review IDS alarms to verify whether malicious activity occurred and to take remedial action. However, IDS systems exhibit high false alarm rates. This study examines the impact of IDS false alarm rate on human analyst sensitivity (probability of detection), precision (positive predictive value), and time on task when evaluating IDS alarms. A controlled experiment was conducted with participants divided into two treatment groups, 50 86 false alarms. Results show statistically significant differences in precision and time on task. The median values for the 86 lower precision and 40 group. No significant difference in analyst sensitivity was observed.
READ FULL TEXT