Nothing Special   »   [go: up one dir, main page]

Sonification of network traffic flow for monitoring and situational awareness

PLoS One. 2018 Apr 19;13(4):e0195948. doi: 10.1371/journal.pone.0195948. eCollection 2018.

Abstract

Maintaining situational awareness of what is happening within a computer network is challenging, not only because the behaviour happens within machines, but also because data traffic speeds and volumes are beyond human ability to process. Visualisation techniques are widely used to present information about network traffic dynamics. Although they provide operators with an overall view and specific information about particular traffic or attacks on the network, they often still fail to represent the events in an understandable way. Also, because they require visual attention they are not well suited to continuous monitoring scenarios in which network administrators must carry out other tasks. Here we present SoNSTAR (Sonification of Networks for SiTuational AwaReness), a real-time sonification system for monitoring computer networks to support network administrators' situational awareness. SoNSTAR provides an auditory representation of all the TCP/IP traffic within a network based on the different traffic flows between between network hosts. A user study showed that SoNSTAR raises situational awareness levels by enabling operators to understand network behaviour and with the benefit of lower workload demands (as measured by the NASA TLX method) than visual techniques. SoNSTAR identifies network traffic features by inspecting the status flags of TCP/IP packet headers. Combinations of these features define particular traffic events which are mapped to recorded sounds to generate a soundscape that represents the real-time status of the network traffic environment. The sequence, timing, and loudness of the different sounds allow the network to be monitored and anomalous behaviour to be detected without the need to continuously watch a monitor screen.

Publication types

  • Research Support, Non-U.S. Gov't

MeSH terms

  • Awareness*
  • Computer Communication Networks*
  • Humans
  • Information Technology*

Grants and funding

This work was supported by Libyan Embassy Cultural Attache, London (http://culturalaffairs.libyanembassy.org/En/), Student Number: 10233; Mohamed Debashi is the author who received the funding. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.