Hearing attacks in network data: an effectiveness study

Sonification, in which data is represented as sound, can be used to turn network attacks and network-security information into audio signals. This could complement the range of security-monitoring tools currently used in Security Operations Centres (SOCs). Prior work in sonification for network monitoring has not assessed the effectiveness of the technique for enabling users to monitor network-security information. To this end, we aim to investigate the viability of using sonified network datasets to enable humans to detect (recognise the presence of some) and identify (understand the type of) network attacks. In this paper we report the results of a user study in which we assessed the utility of a network-traffic sonification system for representing network attacks. Our results show that by listening to the sonified network data, participants could detect attacks accurately and efficiently, including combinations of attacks, and identify the types of attacks. Musical experience had no significant effect on the ability of participants to use the sonification, and participants could detect attacks without training, yet improved performance through training. The results support the potential of sonification for use in network-security monitoring tasks.