Data presentation in security operations centres: exploring the potential for sonification to enhance existing practice
Journal of Cybersecurity Pub Date : 2020-02-28 , DOI: 10.1093/cybsec/tyaa004
Louise Axon 1 , Bushra A AlAhmadi 1 , Jason R C Nurse 2 , Michael Goldsmith 1 , Sadie Creese 1

Abstract
Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer network activity. This work requires both automated tools that detect and prevent attacks, and data presentation tools that can present pertinent network security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data are represented as sound, is said to have potential as an approach that could work alongside existing visual data presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this article, therefore, is to address this gap by exploring attitudes to using sonification in SOCs and by identifying the data presentation approaches currently used. We report on the results of a study consisting of an online survey (N = 20) and interviews (N = 21) with security practitioners working in a range of different SOCs. Our contributions are (i) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (ii) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (iii) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting and (iv) evidence of the visual data presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them.
Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.


Updated: 2020-02-28