Sonification of Network Traffic Flow for Monitoring and Situational Awareness

Maintaining situational awareness of what is happening within a network is challenging, not least because the behaviour happens within computers and communications networks, but also because data traffic speeds and volumes are beyond human ability to process. Visualisation is widely used to present information about the dynamics of network traffic dynamics. Although it provides operators with an overall view and specific information about particular traffic or attacks on the network, it often fails to represent the events in an understandable way. Visualisations require visual attention and so are not well suited to continuous monitoring scenarios in which network administrators must carry out other tasks. Situational awareness is critical and essential for decision-making in the domain of computer network monitoring where it is vital to be able to identify and recognize network environment behaviours.Here we present SoNSTAR (Sonification of Networks for SiTuational AwaReness), a real-time sonification system to be used in the monitoring of computer networks to support the situational awareness of network administrators. SoNSTAR provides an auditory representation of all the TCP/IP protocol traffic within a network based on the different traffic flows between between network hosts. SoNSTAR raises situational awareness levels for computer network defence by allowing operators to achieve better understanding and performance while imposing less workload compared to visual techniques. SoNSTAR identifies the features of network traffic flows by inspecting the status flags of TCP/IP packet headers and mapping traffic events to recorded sounds to generate a soundscape representing the real-time status of the network traffic environment. Listening to the soundscape allows the administrator to recognise anomalous behaviour quickly and without having to continuously watch a computer screen.Comment: 17 pages, 7 figures plus supplemental material in Github repositor

Reflecting on the Use of Sonification for Network Monitoring

In Security Operations Centres (SOCs), computer networks are generally monitored using a combination of anomaly detection techniques, Intrusion Detection Systems (IDS) and data presented in visual and text-based forms. In the last two decades significant progress has been made in developing novel sonification systems to further support network monitoring tasks. A range of systems has been proposed in which sonified network data is presented for incorporation into the network monitoring process. Unfortunately, many of these have not been sufficiently validated and there is a lack of uptake in SOCs. In this paper, we describe and reflect critically on the shortcomings of traditional network-monitoring methods and identify the key role that sonification, if implemented correctly, could play in improving current monitoring capabilities. The core contribution of this position paper is in the outline of a research agenda for sonification for network monitoring, based on a review of prior research. In particular, we identify requirements for an aesthetic approach that is suitable for continuous real-time network monitoring; formalisation of an approach to designing sonifications in this space; and refinement and validation through comprehensive user testing

A Formalised Approach to Designing Sonification Systems for Network-Security Monitoring

Sonification systems, in which data are represented through sound, have the potential to be useful in a number of network-security monitoring applications in Security Operations Centres (SOCs). Security analysts working in SOCs generally monitor networks using a combination of anomaly-detection techniques, Intrusion Detection Systems and data presented in visual and text-based forms. In the last two decades significant progress has been made in developing novel sonification systems to further support network-monitoring tasks, but many of these systems have not been sufficiently validated, and there is a lack of uptake in SOCs. Furthermore, little guidance exists on design requirements for the sonification of network data. In this paper, we identify the key role that sonification, if implemented correctly, could play in addressing shortcomings of traditional network-monitoring methods. Based on a review of prior research, we propose an approach to developing sonification systems for network monitoring. This approach involves the formalisation of a model for designing sonifications in this space; identification of sonification design aesthetics suitable for realtime network monitoring; and system refinement and validation through comprehensive user testing. As an initial step in this system development, we present a formalised model for designing sonifications for network-security monitoring. The application of this model is demonstrated through our development of prototype sonification systems for two different use-cases within network security monitoring

A Systematic Review of the State of Cyber-Security in Water Systems

Critical infrastructure systems are evolving from isolated bespoke systems to those that use general-purpose computing hosts, IoT sensors, edge computing, wireless networks and artificial intelligence. Although this move improves sensing and control capacity and gives better integration with business requirements, it also increases the scope for attack from malicious entities that intend to conduct industrial espionage and sabotage against these systems. In this paper, we review the state of the cyber-security research that is focused on improving the security of the water supply and wastewater collection and treatment systems that form part of the critical national infrastructure. We cover the publication statistics of the research in this area, the aspects of security being addressed, and future work required to achieve better cyber-security for water systems

Customization of the Telecommunication Market Based on the Application of the Concept of Service Products

The analysis of the structure and dynamics of the main indicators of the Russian telecommunication services market shows the achievement of saturation state of this market and the exhaustion of extensive sources of growth. Given the presence of a complex of negative socioeconomic factors, the source of maintaining the market positions of telecommunication companies is the customization of the services offered. For this purpose, the concept of the service products can be applied, involving the inclusion of the additional, accompanying and derivative services into the customer service package. The prerequisites for the application of the concept of the service product in the telecommunication field are the availability of the multiattribute properties and interdependence of elements in the product of that field. On the telecommunication market we can consider three types of service products. Customization of the Russian market of telecommunication services is carried out taking into account its strong state protectionism, which is conditioned by the strategic importance and the high social significance of the telecommunication industry. Saturation of the market in the conditions of oligopoly and sophistication of consumers stimulate the telecommunication companies to include in their market offer the service products of all three types

Listening back

Listening Back is a practice-based research project that develops a critical mode of sonic inquiry into a technique of contemporary Web surveillance – the cookie. Following creative sonification practices, cookie data is sonified as a strategy for interrupting the visual surface of the browser interface to sonically draw attention to backend data capture. Theoretical scholarship from surveillance studies proposes that visual panopticism has been largely superseded by automated technologies of humanly incomprehensible data collection. Scholars such as Mark Andrejevic have observed how the operations of algorithmic surveillance have become post-representational. Listening Back aims to address the post-representational character of Web surveillance by asking: how can artists critically render an online experience of continuous and ubiquitous surveillance? During this PhD research, I have created the Listening Back browser add-on that sonifies Internet cookies in real-time. The add-on has been enacted across both live performance, installation, and personal computer usage. As a sounding Web-based arts practice, it deploys artistic approaches to browser add-ons and creative data sonification that I and others have developed within networked and sounding art fields during the last two decades. Artists such as Adriana Knouf, Allison Burtch and Michael Mandiberg have addressed the opacity and normalisation of the Web browser by creating artistic browser add-ons. These ethico-aesthetic strategies of awareness adopt Web protocols and data mining techniques to re-navigate and expose ordinarily obscured data logics and repurpose the browser as a site for artistic practice. In addition to repurposing and exposing hidden cookie data, sonification aims to situate an embodied listening within the real-time dynamics of Web surveillance and facilitate an engagement across critical analysis and sensing modes of online surveillance. By providing the opportunity to listen back, a human-level connection to real-time data capture is facilitated as an aesthetic sounding strategy for making the capture of surveillant data online tangible. Listening Back, as practice-based research, contributes a new artistic strategy to creative browser add-on practices by engaging an embodied listening experience that deploys time-based and experiential aspects of sound. Listening Back also uses creative sonification to situate online listening as an activity that occurs at the intersection of the network infrastructure, the Web browser, and personal computing

Advocacy by Design: Moving Between Theory & Practice

How can librarians, archivists, and digital practitioners practice an Ethic of Care, in explicitly anti-racist and anti-violent ways? How can libraries contribute to the infrastructures needed to define, scope, and practice care? This talk focuses on research practices to do the speculative work of imagining what the infrastructures of an Ethic of Care could and should be. Advocacy by Design (AbD) is a design framework for critical engagement centered on advocacy.  AbD articulates a series of principles—transparency, openness, polyvocalism (resisting one narrative, opening possibility of many points of view, many narratives around a single event), stewardship, etc.—and a series of applied techniques to realize these principles throughout the project’s cycle.  This talk will first describe the broad focus of Advocacy by Design, with a particular attention to how it is a framework to help prompt reflection and articulation of the purposes of the project (any project from system design to creating a working group to helping at the reference desk), then to outline what the principles are for Advocacy by Design, highlight several ‘elements’ for each principle for a few example projects—within the Library and liaison-collaboration with researchers; and finally point towards why the library might care about centering design, particularly AbD, in our work, from the ways we think about and invite users to the library, to discovery interfaces, and to collaborations in digital projects

An investigation of phishing awareness and education over time: When and how to best remind users

Security awareness and education programmes are rolled out in more and more organisations. However, their effectiveness over time and, correspondingly, appropriate intervals to remind users’ awareness and knowledge are an open question. In an attempt to address this open question, we present a field investigation in a German organisation from the public administration sector. With overall 409 employees, we evaluated (a) the effectiveness of their newly deployed security awareness and education programme in the phishing context over time and (b) the effectiveness of four different reminder measures – administered after the initial effect had worn off to a degree that no significant improvement to before its deployment was detected anymore. We find a significantly improved performance of correctly identifying phishing and legitimate emails directly after and four months after the programme’s deployment. This was not the case anymore after six months, indicating that reminding users after half a year is recommended. The investigation of the reminder measures indicates that measures based on videos and interactive examples perform best, lasting for at least another six months

Data Presentation in Security Operations Centres: Exploring the Potential for Sonification to Enhance Existing Practice

Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer-network activity. This work requires both automated tools that detect and prevent attacks, and data-presentation tools that can present pertinent network-security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data is represented as sound, is said to have potential as an approach that could work alongside existing visual data-presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this paper therefore is to address this gap by exploring attitudes to using sonification in SOCs, and identifying the data-presentation approaches currently used. We report on the results of a study consisting of an online survey (N=20) and interviews (N=21) with security practitioners working in a range of different SOCs. Our contributions are (1) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (2) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (3) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting, and (4) evidence of the visual data-presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them. Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly-detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC