Sonification With Music for Cybersecurity Situational Awareness

Author(s):  
Courtney Falk ◽  
Josiah Dykstra

Cyber defenders work in stressful, information-rich, and high-stakes environments. While other researchers have considered sonification for security operations centers (SOCs), the mappings of network events to sound parameters have produced aesthetically unpleasing results. This paper proposes a novel sonification process for transforming data about computer network traffic into music. The musical cues relate to notable network events in such a way as to minimize the amount of training time a human listener would need in order to make sense of the cues. We demonstrate our technique on a dataset of 708 million authentication events over nine continuous months from an enterprise network. We illustrate a volume-centric approach in relation to the amplitude of the input data, and also a volumetric approach mapping the input data signal into the number of notes played. The resulting music prioritizes aesthetics over bandwidth to balance performance with adoption.

Author(s):  
C J S Webber ◽  
B S Payne ◽  
F Gu ◽  
A D Ball

This paper (Part 1) describes the principles of a novel unsupervised adaptive neural network anomaly detection technique, called componential coding, in the context of condition monitoring of electrical machines. Numerical examples are given to illustrate the technique's capabilities. The companion paper (Part 2), which follows, assesses componential coding in its application to real data recorded from a known machine and an entirely unseen machine (a conventional induction motor and a novel transverse flux motor respectively). Componential coding is particularly suited to applications in which no machine-specific tailored techniques have been developed or in which no previous monitoring experience is available. This is because componential coding is an unsupervised technique that derives the features of the data during training, and so requires neither labelling of known faults nor pre-processing to enhance known fault characteristics. Componential coding offers advantages over more familiar unsupervised data processing techniques such as principal component analysis. In addition, componential coding may be implemented in a computationally efficient manner by exploiting the periodic convolution theorem. Periodic convolution also gives the algorithm the advantage of time invariance; i.e. it will work equally well even if the input data signal is offset by arbitrary displacements in time. This means that there is no need to synchronize the input data signal with respect to reference points or to determine the absolute angular position of a rotating part.


Author(s):  
Cyril Onwubiko

This chapter describes work on modelling situational awareness information and system requirements for the mission. Developing this model based on Goal-Oriented Task Analysis representation of the mission using an Agent Oriented Software Engineering methodology advances current information requirement models because it provides valuable insight on how to effectively achieve the mission’s requirements (information, systems, networks, and IT infrastructure), and offers enhanced situational awareness within the Computer Network Defence environment. Further, the modelling approach using Secure Tropos is described, and model validation using a security test scenario is discussed.


Author(s):  
Tom Fairfax ◽  
Christopher Laing ◽  
Paul Vickers

This chapter treats computer networks as a cyber warfighting domain in which the maintenance of situational awareness is impaired by increasing traffic volumes and the lack of immediate sensory perception. Sonification (the use of non-speech audio for communicating information) is proposed as a viable means of monitoring a network in real time and a research agenda employing the sonification of a network's self-organized criticality within a context-aware affective computing scenario is given. The chapter views a computer network as a cyber battlespace with a particular operations spectrum and dynamics. Increasing network traffic volumes are interfering with the ability to present real-time intelligence about a network and so suggestions are made for how the context of a network might be used to help construct intelligent information infrastructures. Such a system would use affective computing principles to sonify emergent properties (such as self-organized criticality) of network traffic and behaviour to provide effective real-time situational awareness.


Author(s):  
Cyril Onwubiko

Operators need situational awareness (SA) of their organisation’s computer networks and Information Systems in order to identify threats, estimate impact of attacks, evaluate risks, understand situations, and make sound decisions swiftly and accurately on what to protect against, and how to address incidents that may impact valued assets. Enterprise computer networks are often huge and complex, spanning across several WANs and supporting a number of distributed services. Understanding situations in such dynamic and complex networks is time-consuming and challenging. Operators’ SA is enhanced through a number of ways, one of which is through the use of situation-aware systems and technology. Designing situation-aware systems for computer network defence (CND) is difficult without understanding basic situational awareness design requirements of network applications and systems. Thus, this chapter investigates pertinent features that are foundation, essential, and beneficial for designing situation-aware systems, software, and network applications for CND.


Author(s):  
Kirsten J. Broadfoot ◽  
Todd A. Guth

Emergency departments (EDs), with their high degree of interruption, evolving and often incoherent patient stories, and multiple patient needs, strain practitioner cognitive processing over time, forcing a reliance on default communication approaches and pattern recognition. This shift to scripted, routinized, and default approaches to interaction in the ED reduces situational awareness, impacting providers’ ability to respond appropriately to the person and story in front of them and their clinical decision making. However, being able to rapidly and effectively adapt to circumstances is essential for high-functioning providers in emergency department settings. Although solid, learned fundamental communication checklists can suffice in straightforward, low-stakes, or routine individual and team encounters, complicated, high-stakes, or unusual circumstances or situations require effective communicators to move beyond habituated communication practices to those that enable providers to appropriately interpret and adapt to circumstances while respecting self, others, and context.


Author(s):  
Qingjun Wang ◽  
Peng Lu

With the continuous expansion of the application scope of computer network technology, various malicious attacks that exist in the Internet range have caused serious harm to computer users and network resources. This paper attempts to apply artificial intelligence (AI) to computer network technology and to research the application of AI in computing network technology, designing an intrusion detection model based on an improved back propagation (BP) neural network. By studying the attack principle, analyzing the characteristics of the attack method, extracting feature data, establishing feature sets, and using the agent technology as the supporting technology, the simulation experiment is used to prove the improvement effect of the system in terms of false alarm rate, convergence speed, and false negative rate, the rate reached 86.7%. The results show that this fast algorithm reduces the training time of the network, reduces the network size, improves the classification performance, and improves the intrusion detection rate.


Author(s):  
Catherine Inibhunu ◽  
Scott Langevin

Maintaining situational awareness of a dynamic global computer network that consists of ten to hundreds of thousands of computers is a complex task for cyber administrators and operators looking to understand, plan and conduct operations in real time. Currently, cyber specialists must manually navigate complex networks by continuous cycles of overviews, drilldowns and manually mapping network incidents to mission impact. This is inefficient as manual maneuvering of network data is laborious, induces cognitive overload, and is prone to errors caused by distractive information resulting in important information and impacts not being seen. We are investigating “FocalPoint”, an adaptive level of detail (LOD) recommender system tailored for hierarchical network information structures. FocalPoint reasons about contextual information associated with the network, user task, and user cognitive load to tune the presentation of network visualization displays to improve user performance in perception, comprehension and projection of current situational awareness. Our system is applied to two complex information constructs important to dynamic cyber network operations: network maps and attack graphs. The key innovations include: (a) context-aware automatic tailoring of complex network views, (b) multi-resolution hierarchical graph aggregation, (c) incorporation of new computational models for adaptive-decision making on user tasks, cost/benefit utility and human situation awareness, and (d) user interaction techniques to integrate recommendations into the network viewing system. Our aim is to have a direct impact on planning and operations management for complex networks by overcoming information overload, preventing tunnel vision, reducing cognitive load, and increasing time available to focus on optimum level of details of the global network space and missions.


Author(s):  
Cyril Onwubiko ◽  
Thomas Owens

The importance of situational awareness to air traffic control, and hence the safety and security of aircraft, is evident, demonstrable, and has been hugely significant. The main purpose of this book is to convey an understanding of the impact of situational awareness on the design of the next generation computer systems, network architectures, and platform infrastructures. The book achieves its purpose by presenting principles, methods, and applications of situational awareness for computer network defense; in doing so, it makes clear the benefits situational awareness can provide for information security, computer security and computer network defense. This book contributes to cross-multidisciplinary discussion among researchers, academia, and practitioners who are engaged objectively in sharing, contributing, and showcasing how situational awareness can be adapted to computer systems, network infrastructure designs, and architecture patterns. The goal of this chapter is to explain situational awareness for computer network defense from the point of view of its most basic foundations as a spring board to discuss how situational awareness can be relevant to computer network defense, whose operations and environment are similar to air traffic control where the application of situational awareness has been hugely successful.


2020 ◽  
Vol 6 (1) ◽  
Author(s):  
Louise Axon ◽  
Bushra A AlAhmadi ◽  
Jason R C Nurse ◽  
Michael Goldsmith ◽  
Sadie Creese

Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer network activity. This work requires both automated tools that detect and prevent attacks, and data presentation tools that can present pertinent network security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data are represented as sound, is said to have potential as an approach that could work alongside existing visual data presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this article, therefore, is to address this gap by exploring attitudes to using sonification in SOCs and by identifying the data presentation approaches currently used. We report on the results of a study consisting of an online survey (N = 20) and interviews (N = 21) with security practitioners working in a range of different SOCs. Our contributions are (i) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (ii) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (iii) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting and (iv) evidence of the visual data presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them.
Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.


Author(s):  
H.-K. Kang ◽  
T. Obukhov ◽  
M. Lee

This paper presents a case of developing open geospatial analysis functions and a processing toolbox as parts of UN Open GIS Spiral 3 activities. A comprehensive study focused on the use of geospatial analysis at the UN operations has been carried out, which covered various UN operations such as situational awareness, security operations, military operations, protection of civilians, epidemiological analysis, and so on. Four requirements on development of 1) primitive geospatial analysis functions, 2) processing toolbox or processing environment like WPS request builder of GeoServer, 3) model builder, and 4) management of the model builder were clarified through the study. By focusing on the first and second requirements, a development architecture was proposed based on JAVA and GeoTools. The scope of implementation and its assessment were described. In addition, a use-case introduced a way of using geospatial functions developed in this research to analyse geostatistic factors that affect the occurrence of Ebola disease. Through the use-case study presented in the paper, I would like to share the experiences and lessons about the development of geospatial analysis functions, which would be used as a reference for other developments and applications.

