Sonification systems, in which data are represented as sound, have the potential to be useful in a number of network security monitoring applications in Security Operations Centres (SOCs). Security analysts working in SOCs generally monitor networks using a combination of anomaly detection techniques, Intrusion Detection Systems (IDS) and data presented in visual and text-based forms. In the last two decades, significant progress has been made in developing novel sonification systems, which present sonified network data, to further support network monitoring tasks.
Many of these systems have not been sufficiently validated and there is a lack of uptake in SOCs. Furthermore, little guidance exists on design requirements for the effective sonification of network data. We identify the key role that sonification, if implemented correctly, could play in addressing shortcomings of traditional network monitoring methods. Avenues for investigation include anomaly detection by humans listening to the sonified network data; enabling analysts to monitor as a non-primary task using the sonification, while conducting other exploratory or incident handling tasks; and multimodal presentation of complex information that might usually be presented across multiple monitors or dashboards in SOCs.
Based on a review of prior research, we propose a three-part approach to developing sonification systems for network monitoring. This approach involves the formalisation of a framework for designing sonifications in this space; identification of sonification design aesthetics suitable for real-time network monitoring; and system refinement and validation through comprehensive user testing. As an initial step in the system development, we present a formalised framework for designing sonifications for network monitoring. The application of this framework is demonstrated through the development of prototype sonification systems.
I am a DPhil student in Cyber Security, focusing on monitoring solutions for large-scale networks. My research looks at using sonification (the mapping of data to sound) to improve network monitoring capabilities in Security Operations Centres (SOCs). Sonification systems have been proposed, and to some extent tested, for use in this area before. My work looks at refining appropriate sound designs for the network monitoring context, and validating the usefulness of sonification systems for improving monitoring capabilities.
Before joining Oxford, I completed an MSc with Distinction in Cryptography at Royal Holloway, University of London, for which my dissertation explored adversary models in authenticated key exchange protocols. I also hold a First Class BA in Mathematics and Music from Cardiff University, where my studies included a year in the Music department at Université Paris-Sorbonne.