Sonification in security operations centres: what do security practitioners think?

In Security Operations Centres (SOCs), security practitioners work using a range of tools to detect and mitigate malicious computer-network activity. Sonification, in which data is represented as sound, is said to have potential as an approach to addressing some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this paper, therefore, is to address this gap by exploring attitudes to using sonification in SOCs. We report on the results of a study consisting of an online survey (N=20) and interviews (N=21) with security practitioners working in a range of different SOCs. Our contribution is a refined appreciation of the contexts in which sonification could aid in SOC working practice, and an understanding of the areas in which sonification may not be beneficial or may even be problematic. We also analyse the critical requirements for the design of sonification systems and their integration into the SOC setting. Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment.
