TY - JOUR
T1 - Comparing the influence of cybersecurity knowledge on attack detection
T2 - Insights from experts and novice cybersecurity professionals
AU - Saeed, Mozamel M.
N1 - Publisher Copyright:
© 2024 the author(s), published by De Gruyter.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - This article investigates the effect of cybersecurity knowledge on the ability to detect malicious events in a network. We developed a simplified intrusion detection system (IDS) to simulate real-world scenarios and assess detection capabilities. The IDS has the typical characteristics of network intrusion detection, signature-based detection and anomaly detection, giving participants a realistic environment. A cross-sectional study was conducted with 75 respondents recruited from Al Neelain University: 35 were novices (students) in cybersecurity and 40 were security professionals from technical communities. Novices observed ten distinct cyber-attack scenarios, including phishing, malware, and denial-of-service attacks, and completed a questionnaire assessing their detection accuracy; experts examined three complex scenarios involving advanced persistent threats and zero-day exploits and completed a similar questionnaire. Detection capability was measured by the accuracy of identifying malicious events, the false-positive rate (benign events mislabelled as malicious), and the false-negative rate (malicious events that were missed). The findings demonstrate that cybersecurity knowledge facilitates accurate detection of malicious events and reduces the mislabelling of benign events as malicious. Precise detection decisions also require a deep understanding of the particular network being monitored, which in turn rests on cybersecurity knowledge. Experts were able to differentiate types of cyber-attack, assess varied network settings accurately, and judge the maliciousness of network events with greater precision.
In conclusion, this study highlights the importance of cybersecurity knowledge in detecting and differentiating cyber-attacks. The experts' skill in network analysis and precise determination of malicious events underlines the value of that expertise. These findings have practical implications for enhancing attack detection capabilities.
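The abstract describes two things a practitioner may want to see concretely: an IDS that combines signature-based and anomaly detection, and the three measures (accuracy, false-positive rate, false-negative rate) used to score a participant's verdicts against ground truth. The following is an added example written for this record; it is not the paper's IDS or its questionnaire. The event format, the signature table, the per-source volume threshold, the "known monitoring host" knowledge given to the expert reviewer, and all sample events are constructed assumptions.

```python
"""Toy signature + anomaly IDS, and accuracy / FPR / FNR scoring of verdicts.

Added example for illustration; not the paper's IDS. Event format, signatures,
thresholds and sample events are assumptions constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str          # source address
    dst_port: int     # destination port
    payload: str      # simplified payload / message text
    malicious: bool   # ground truth, known to the experimenter only


# Assumed signature table: substring in payload -> attack label
SIGNATURES = {
    "/etc/passwd": "path-traversal",
    "cmd.exe": "webshell",
    "login-reset": "phishing-lure",
}


def signature_alerts(events):
    """Signature-based detection: flag an event whose payload contains a known pattern."""
    alerts = {}
    for i, ev in enumerate(events):
        for pattern, label in SIGNATURES.items():
            if pattern in ev.payload:
                alerts[i] = label
                break
    return alerts


def anomaly_alerts(events, baseline_per_src=3):
    """Anomaly-based detection: flag every event from a source whose event count
    exceeds the assumed baseline (a crude volumetric / DoS heuristic)."""
    counts = Counter(ev.src for ev in events)
    noisy = {src for src, n in counts.items() if n > baseline_per_src}
    return {i: "volumetric-anomaly" for i, ev in enumerate(events) if ev.src in noisy}


def ids_verdicts(events):
    """Union of both detectors: index -> label for events the IDS calls malicious."""
    verdicts = anomaly_alerts(events)
    verdicts.update(signature_alerts(events))   # signature label wins when both fire
    return verdicts


def apply_network_knowledge(events, flagged, known_monitors):
    """Model the expert's knowledge of the particular network: drop alerts that come
    from hosts the reviewer knows to be legitimate monitoring sources."""
    return {i for i in flagged if events[i].src not in known_monitors}


def score(events, flagged):
    """Accuracy, false-positive rate and false-negative rate of a set of flagged
    event indices against ground truth (the three measures the study reports)."""
    tp = fp = tn = fn = 0
    for i, ev in enumerate(events):
        called = i in flagged
        if called and ev.malicious:
            tp += 1
        elif called and not ev.malicious:
            fp += 1
        elif not called and ev.malicious:
            fn += 1
        else:
            tn += 1
    return {
        "accuracy": (tp + tn) / len(events),
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
        "fnr": fn / (fn + tp) if fn + tp else 0.0,
    }


# Constructed sample: 12 events, 7 malicious.
EVENTS = [
    Event("10.0.0.5", 443, "GET /api/health", False),                 # 0-3: benign monitor
    Event("10.0.0.5", 443, "GET /api/health", False),
    Event("10.0.0.5", 443, "GET /api/health", False),
    Event("10.0.0.5", 443, "GET /api/health", False),
    Event("10.0.0.9", 80, "GET /../../etc/passwd", True),             # 4: traversal (signature)
    Event("10.0.0.12", 25, "Subject: login-reset required", True),    # 5: phishing (signature)
    Event("198.51.100.2", 80, "GET /", True),                         # 6-9: flood (anomaly)
    Event("198.51.100.2", 80, "GET /", True),
    Event("198.51.100.2", 80, "GET /", True),
    Event("198.51.100.2", 80, "GET /", True),
    Event("10.0.0.11", 443, "POST /beacon id=7", True),               # 10: beacon, no signature
    Event("10.0.0.7", 80, "GET /index.html", False),                  # 11: benign
]
KNOWN_MONITORS = {"10.0.0.5"}   # assumed network knowledge held by the expert


def run_demo():
    """Score the raw IDS output and the expert-reviewed output on the same events."""
    raw = set(ids_verdicts(EVENTS))
    reviewed = apply_network_knowledge(EVENTS, raw, KNOWN_MONITORS)
    return {"ids": score(EVENTS, raw), "expert": score(EVENTS, reviewed)}


if __name__ == "__main__":
    for who, metrics in run_demo().items():
        print(who, {k: round(v, 3) for k, v in metrics.items()})
```

Run as a script, the raw IDS flags the monitoring host's four health checks (anomaly false positives) and misses the beacon (no signature, low volume); the reviewer who knows that host removes the false positives but still misses the beacon, so the false-positive rate falls while the false-negative rate is unchanged. That mirrors the abstract's claim that knowledge of the particular network mainly reduces mislabelling of benign events.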
KW - attack detection capabilities
KW - data-breach prevention
KW - intrusion detection system
KW - knowledge
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85208676000&partnerID=8YFLogxK
U2 - 10.1515/comp-2024-0016
DO - 10.1515/comp-2024-0016
M3 - Article
AN - SCOPUS:85208676000
SN - 2299-1093
VL - 14
JO - Open Computer Science
JF - Open Computer Science
IS - 1
M1 - 20240016
ER -