Data Presentation in Security Operations Centres: Exploring the Potential for Sonification to Enhance Existing Practice

Axon, Louise, Alahmadi, Bushra, Nurse, Jason R.C., Goldsmith, Michael, Creese, Sadie (2020) Data Presentation in Security Operations Centres: Exploring the Potential for Sonification to Enhance Existing Practice. Journal of Cybersecurity, 6 (1). ISSN 2057-2085. E-ISSN 2057-2093. (doi:10.1093/cybsec/tyaa004) (KAR id:79587)

PDF Publisher pdf
Language: English


Creative Commons Licence
This work is licensed under a Creative Commons Attribution 4.0 International License.
PDF Author's Accepted Manuscript
Language: English

Restricted to Repository staff only
Official URL
https://doi.org/10.1093/cybsec/tyaa004

Abstract

Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer-network activity. This work requires both automated tools that detect and prevent attacks, and data-presentation tools that can present pertinent network-security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data is represented as sound, is said to have potential as an approach that could work alongside existing visual data-presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this paper therefore is to address this gap by exploring attitudes to using sonification in SOCs, and identifying the data-presentation approaches currently used. We report on the results of a study consisting of an online survey (N=20) and interviews (N=21) with security practitioners working in a range of different SOCs. Our contributions are (1) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (2) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (3) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting, and (4) evidence of the visual data-presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them. 
Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly-detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.

Item Type: Article
DOI/Identification number: 10.1093/cybsec/tyaa004
Uncontrolled keywords: Security Group, School of Psychology
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
T Technology
Divisions: Faculties > Sciences > School of Computing > Security Group
Faculties > Social Sciences > School of Psychology
Depositing User: Jason Nurse
Date Deposited: 15 Jan 2020 11:32 UTC
Last Modified: 27 Mar 2020 15:26 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/79587 (The current URI for this page, for reference purposes)
Nurse, Jason R.C.: https://orcid.org/0000-0003-4118-1680