Improving Human-Machine Interactions in Security Operation Centers through Spatial Sonification of Cybersecurity Data
Researchers will use high-density loudspeaker array (HDLA) systems and other immersive audio to explore whether supplemental auralized/sonified alert data can decrease Security Operation Center operators’ information overload and increase alert-response effectiveness.
Funded by: CCI Southwest Virginia Node, in collaboration with Virginia Tech’s Institute for Society, Culture, and Environment (ISCE) and the Tech4Humanity initiative
Project Investigators
Principal Investigator (PI): Anthony Vance, professor, Virginia Tech Department of Business Information Technology
Co-PI: Tanner Upthegrove, media engineer, Virginia Tech Institute for Creativity, Arts, and Technology
Rationale and Background
A critical unit for the cybersecurity of large organizations is a security operations center (SOC), which continuously monitors and coordinates responses to cybersecurity threats
SOCs, which operate around the clock every day of the year, allow organizations to quickly detect and respond to cybersecurity attacks.
However, given the enormity of data monitored, information overload is a challenge, with 70 percent of cybersecurity professionals in one survey citing it as a problem. Sixty-one percent also had issues with too many alerts requiring a response.
This burnout means as many as 44 percent of security alerts could go uninvestigated.
Methodology
Subject matter experts, as well as those unfamiliar with SOCs, will be recruited to evaluate the sonified SOC. Investigators will collect behavioral performance data from participants, who will also undergo a hearing test before the study.
The team will use SOC alert data and the HDLA system to determine:
- The relative effects of visual and aural security alert data on SOC operators’ information overload.
- The relative effects of visual and aural security alert data on SOC operators’ response accuracy.
- The possibility that a combination of visual and aural alert data will lead to lower information overload and higher response accuracy.
Projected Outcomes
The investigators will:
- Deliver several demonstrations of a hybrid visual-audio HDLA SOC that exemplifies the relationship between audio techniques and real-world cybersecurity problems such as anomaly detection, attack-and-defend, firewall activity, and threat response.
- Use simulated and anonymized SOC data to demonstrate the potential of the hybrid visual-audio HDLA SOC system.
- Present and/or publish findings to the Audio Engineering Society (AES), the Institute of Electrical and Electronics Engineers (IEEE), CCI events, and the International Conference for Information Systems, and other outlets.
- Set a goal of delivering a working prototype that can integrate with existing workflows.