A Usability Study on the creation of Intrusion Detection Rules on IoT Networks

Network Intrusion Detection Systems (IDS) can be used to employ defenses on IoT environments by making use of rules to detect anomalies on network traffic. Usability must be treated as a key feature of these systems, especially on the process of creating the aforementioned rules. In this work, we present IoT-Flows, a platform built on traditional IDS's concepts such as network monitoring and generation of alerts once an anomaly is detected, but focusing on enabling users to create rules in an intuitive way with a user-interface (UI). We compared the usability of our platform with Suricata, a popular open-source IDS. In our experimental design, participants were assigned the task of creating a rule to detect a popular distributed denial-of-service attack (DDoS) attack on both systems. Then, we applied a System Usability Scale questionnaire combined with open-ended questions. The feedback showed that Suricata lacks flexibility and a user-friendly UI, especially for nonexperienced users, despite its good documentation. In contrast, IoTFlows was praised for its UI and flexibility but was slower in rule creation compared to Suricata. We found that usability needs to be considered when developing security systems, especially when targeting IoT contexts, where non-IT users are common.