A formalised approach to designing sonification systems for network-security monitoring

Journal article

Sonification systems, in which data are represented through sound, have the potential to be useful in a number of network-security monitoring applications in Security Operations Centres (SOCs). Security analysts working in SOCs generally monitor networks using a combination of anomaly-detection techniques, Intrusion Detection Systems and data presented in visual and text-based forms. In the last two decades significant progress has been made in developing novel sonification systems to further support network-monitoring tasks, but many of these systems have not been sufficiently validated, and there is a lack of uptake in SOCs. Furthermore, little guidance exists on design requirements for the sonification of network data. In this paper, we identify the key role that sonification, if implemented correctly, could play in addressing shortcomings of traditional network-monitoring methods. Based on a review of prior research, we propose an approach to developing sonification systems for network monitoring. This approach involves the formalisation of a model for designing sonifications in this space; identification of sonification design aesthetics suitable for realtime network monitoring; and system refinement and validation through comprehensive user testing. As an initial step in this system development, we present a formalised model for designing sonifications for network-security monitoring. The application of this model is demonstrated through our development of prototype sonification systems for two different use-cases within networksecurity monitoring.

Authors: Axon, L; Nurse, J; Goldsmith, M; Creese, S

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: International Academy, Research, and Industry Association
• Journal: International Journal On Advances in Security
• Volume: 10
• Issue: 1-2
• Pages: 26-47
• Publication date: 2017-07-13
• Acceptance date: 2017-05-04
• ISSN: 1942-2636
• Keywords: network monitoring; aituational awareness; network aecurity; formalised model; anomaly detection