Effects of Cyber Security Knowledge on Attack Detection by Ben-Asher and Gonzalez

Introduction: Why the Article was Chosen

Ben-Asher and Gonzalezs (2015) article, Effects of Cyber Security Knowledge on Attack Detection examines how knowledge in information security and network operations influence how individuals detect intrusions in a network. It belongs in my field of study, specifically on how to deal with cyber security threats. The study focusses on the issue of cyber security, which as the authors articulate, is a task of high complexity and relies on domain knowledge, as well as the cognitive abilities in determining possible threats from large data volumes in a network. Cyber-attacks are a disruption of the normal functioning of computers and the loss of sensitive organizational information via malicious network events, which according to Ben-Asher and Gonzalez (2015), are becoming more frequent and widespread. For this reason, the article provides succinct representation as to why cyber security personnel should have the necessary skills to eliminate network vulnerabilities. The knowledge can be handy in my field of study when dealing with cyber threats. Guarding organizations against them is paramount. In essence, the responsibility of cyber-security analysis is protecting a network from malicious program and harm. Therefore, the study findings can be replicated to ensure more alertness to mitigating attacks, which is vital in my study area.

Article Summary

The article succinctly covered the introduction by familiarizing the topic of cyber security. It also entailed covering literature review about the topic. An important aspect that they pointed out is that a tool that security analysts in the information technology field heavily rely on is the use of Intrusion Detection System (IDS), which can categorically detect the various network intrusions and network misuse by enabling the analysts to match patterns of known attacks against ongoing network activities. According to Goodall, Lutters, and Komlodi (2009), IDS protects systems and networks by finding matches to a known type of attack or detecting abnormal network activities, and subsequently producing alerts that detail the suspicious activity or event. In the introduction, Ben-Asher and Gonzalez (2015) highlighted that they intended to investigate the basic cognitive processes that are involved in detecting cyber-attacks with a specific interest in comprehending the interplay between cognitive skills and domain knowledge. They also pointed out a major consideration in their study by articulating that even though cyber security analysts and practitioners are needed to have a broad knowledge of how networks and information security operate, it is not clear whether acquiring detailed and deep knowledge in cyber security is a major determinant in dealing with threats. In addition, they also identified that it is unclear how strategies, for example, evidence accumulation and information search, depend on the domain knowledge of the analyst and on a set of cognitive skills they can apply.

After the introduction, they covered the various cognitive and knowledge challenges facing cyber security. The researchers pointed out that new vulnerabilities usually emerge, and hackers capitalize on this by devising clever attack strategies that are constantly developed and evolve, just like the protective mechanisms that cyber protection analysts utilize. For this reason, while the analyst continually monitors the network to identify vulnerabilities and threats, attackers only need to find a single vulnerability that they can exploit to stage an attack. Once the attacker exploits the vulnerability, they can steal information or potentially damage the website or network. Other research parts, including methods and results, are discussed in the subsequent sections.

Methods: Why the Study is Quantitative

Ben-Asher and Gonzalez (2015) in their article capitalized on the use of quantitative means of study to examine how persons with or without the knowledge respond to mitigating cyber security threats and detect malicious events, as well as declare an attack based on a series of network events. The quantitative research instrument, as Creswel and Clark (2007) articulate, includes closed-ended questions about attitudes, behaviors, and opinions. The most common tool used for quantitative data is a questionnaire. In essence, Ben-Asher and Gonzalezs (2015) study capitalized on the use of expertise questionnaire. Essentially, as the researcher articulated, the aim of the study was to distinguish between experts who have an understanding of cyber security issues and novices who had no expertise in the field.

The researchers recruited 55 participants, mainly from the university applicant pool and invited them to Carnegie Mellon Universitys computer laboratory. These participants have considered novices, and none of them were from a cyber security workforce. They were compensated $10 for the participation and a further one cent for every attack or non-attack event they identified correctly, and one cent deducted for every even they identified incorrectly. In addition to the 55 students, the researchers also recruited 20 cyber security professionals from a variety of technical communities. They performed the task online, earning a point for each attack and no-attack activity correctly classified and lost a point for incorrect classifications. They were compensated a $50 Amazon gift card for every point.

The design of the study was a simple retail model and defined specific sequences of various network events that represented the progression of cyber-attacks. Participants in the novice group responded to 10 scenarios randomly and filled the expert questionnaire while participants in the expert group, responding to 3 random scenarios of the original 10 scenarios. The novices completed the exercise in 60 minutes, but the experts took only 25.

Results Highlight that the Study was Quantitative

Being a quantitative research, the results were analyzed using statistical methods. 80% of the experts had at least a year of experience in cyber security, and 35% had more than 10 years of practical experience, but the 93% of the novices stated that they had no experience. 100% of the experts knew the definition of DoS attacks compared to 36% of the novices. Expert theoretical and practical knowledge were significantly higher compared to that of novices, which were t(73) = 13.206,p< .001; t(73) = 14.179,p< .001, respectively. From the statistics, they made a graph as follows:

Figure 1: Experts and novice attack detection rates for four types of cyber attacks.

Figure 2: Probability of novices and experts declaring cyber attacks depending on events classified as malicious.

Figure 3: expert and novice detection rates of malicious events in the four types of cyber-attacks.

Conclusion

The results revealed that more knowledge in cyber security facilitated accurate detection of malicious events, and decreased false identification. However, knowledge had less contribution when judging sequence of events leading to a cyber attack. Responses from questionnaire indicated that novices were not sensitive to attack types. The study, having used quantitative means, such as the use of a questionnaire, as well as the use of statistical analysis, indicates that it is quantitative, not qualitative.

Reference

Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61. doi: http://dx.doi.org/10.1016/j.chb.2015.01.039

Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed methods approaches. New York, N.Y.: Sage publications.

Goodall, J. R., Lutters, W. G., & Komlodi, A. (2009). Developing expertise for network intrusion detection. Information Technology & People, 22(2), 92108. doi: http://dx.doi.org/10.1108/09593840910962186