DaemonSec: Examining the Role of Machine Learning for Daemon Security in Linux Environments

📅 2025-04-11
🤖 AI Summary
Linux daemons—critical yet historically neglected attack surfaces—pose growing risks from adaptive threats and zero-day attacks, necessitating machine learning (ML)-enhanced security. Method: We conducted the first human-centered empirical study on ML-based daemon security, involving semi-structured interviews with 22 IT practitioners (security and operations professionals) and qualitative thematic analysis. Contribution/Results: Findings reveal widespread skepticism toward fully automated ML defenses; weak security awareness among non-security staff and delayed patching widen the vulnerability window; while real-time anomaly detection is highly valued, trust hinges on model interpretability, human-in-the-loop collaboration, and operational workflow integration. Based on these insights, we propose a pragmatic, incremental ML deployment framework for daemon security—balancing robustness with operational feasibility—and thereby fill a critical gap in the human factors research on ML-driven daemon protection.

📝 Abstract
DaemonSec is an early-stage startup exploring machine learning (ML)-based security for Linux daemons, a critical yet often overlooked attack surface. While daemon security remains underexplored, conventional defenses struggle against adaptive threats and zero-day exploits. To assess the perspectives of IT professionals on ML-driven daemon protection, a systematic interview study based on semi-structured interviews was conducted with 22 professionals from industry and academia. The study evaluates adoption, feasibility, and trust in ML-based security solutions. While participants recognized the potential of ML for real-time anomaly detection, findings reveal skepticism toward full automation, limited security awareness among non-security roles, and concerns about patching delays creating attack windows. This paper presents the methods, key findings, and implications for advancing ML-driven daemon security in industry.

Problem

Research questions and friction points this paper is trying to address.

Exploring ML-based security for Linux daemons
Assessing IT professionals' views on ML-driven daemon protection
Addressing skepticism and concerns about ML-based security solutions

Innovation

Methods, ideas, or system contributions that make the work stand out.

Machine learning for real-time anomaly detection
Semi-structured interviews with IT professionals
Evaluating ML-based daemon security feasibility