{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T11:46:42Z","timestamp":1753876002985,"version":"3.41.2"},"reference-count":54,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T00:00:00Z","timestamp":1582848000000},"content-version":"vor","delay-in-days":58,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/K035606\/1"],"award-info":[{"award-number":["EP\/K035606\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer network activity. This work requires both automated tools that detect and prevent attacks, and data presentation tools that can present pertinent network security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification in which data are represented as sound, is said to have potential as an approach that could work alongside existing visual data presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this article, therefore, is to address this gap by exploring attitudes to using sonification in SOCs and by identifying the data presentation approaches currently used. We report on the results of a study consisting of an online survey (N\u2009=\u200920) and interviews (N\u2009=\u200921) with security practitioners working in a range of different SOCs. Our contributions are (i) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (ii) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (iii) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting and (iv) evidence of the visual data presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them. Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaa004","type":"journal-article","created":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T16:09:55Z","timestamp":1582906195000},"source":"Crossref","is-referenced-by-count":6,"title":["Data presentation in security operations centres: exploring the potential for sonification to enhance existing practice"],"prefix":"10.1093","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5979-7630","authenticated-orcid":false,"given":"Louise","family":"Axon","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bushra A","family":"AlAhmadi","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jason R C","family":"Nurse","sequence":"first","affiliation":[{"name":"School of Computing, University of Kent, Canterbury, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Goldsmith","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sadie","family":"Creese","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2020,2,28]]},"reference":[{"first-page":"347","year":"2015","author":"Sundaramurthy","key":"2020022811094233800_tyaa004-B1"},{"year":"1999","author":"Kramer","key":"2020022811094233800_tyaa004-B2"},{"volume-title":"The Sonification Handbook","year":"2011","author":"Hermann","key":"2020022811094233800_tyaa004-B3"},{"key":"2020022811094233800_tyaa004-B4","first-page":"26","article-title":"A formalised approach to designing sonification systems for network-security monitoring","volume":"10","author":"Axon","year":"2017","journal-title":"Int J Adv Secur"},{"first-page":"80640P","year":"2011","author":"Ballora","key":"2020022811094233800_tyaa004-B5"},{"key":"2020022811094233800_tyaa004-B6","doi-asserted-by":"crossref","first-page":"e0195948","DOI":"10.1371\/journal.pone.0195948","article-title":"Sonification of network traffic flow for monitoring and situational awareness","volume":"13","author":"Debashi","year":"2018","journal-title":"PloS One"},{"key":"2020022811094233800_tyaa004-B7","doi-asserted-by":"crossref","first-page":"33826","DOI":"10.1109\/ACCESS.2018.2847349","article-title":"Sonification of network traffic for detecting and learning about botnet behaviour","author":"Debashi","year":"2018","journal-title":"IEEE Access, vol. 6"},{"key":"2020022811094233800_tyaa004-B8","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1016\/j.ijhcs.2016.06.002","article-title":"Continuous sonification enhances adequacy of interactions in peripheral process monitoring","volume":"95","author":"Hildebrandt","year":"2016","journal-title":"Int J Hum Comput Stud"},{"key":"2020022811094233800_tyaa004-B9","doi-asserted-by":"crossref","first-page":"533","DOI":"10.1006\/ijhc.2001.0483","article-title":"\u2018International standards for hci and usability\u2019","volume":"55","author":"Bevan","year":"2001","journal-title":"Int J Hum Comput Stud"},{"key":"2020022811094233800_tyaa004-B10","first-page":"133","volume-title":"IFIP World Computer Congress, TC 13","author":"Maguire","year":"2002"},{"key":"2020022811094233800_tyaa004-B11","doi-asserted-by":"crossref","first-page":"397","DOI":"10.1080\/01449290310001624329","article-title":"Key principles for user-centred systems design","volume":"22","author":"Gulliksen","year":"2003","journal-title":"Behav Inform Technol"},{"year":"2018","author":"Axon","key":"2020022811094233800_tyaa004-B12"},{"key":"2020022811094233800_tyaa004-B13","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MIC.2017.52","article-title":"Humans are dynamic-our tools should be too","volume":"21","author":"Sundaramurthy","year":"2017","journal-title":"IEEE Internet Comput"},{"year":"2013","key":"2020022811094233800_tyaa004-B14"},{"first-page":"43","year":"2014","author":"Sundaramurthy","key":"2020022811094233800_tyaa004-B15"},{"key":"2020022811094233800_tyaa004-B16","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/978-3-319-41932-9_7","volume-title":"Advances in Human Factors in Cybersecurity","author":"D\u2019Amico","year":"2016"},{"key":"2020022811094233800_tyaa004-B17","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1002\/sec.324","article-title":"A survey of security visualization for computer network logs","volume":"5","author":"Zhang","year":"2012","journal-title":"Secur Commun Netw"},{"first-page":"100","year":"2007","author":"Botta","key":"2020022811094233800_tyaa004-B18"},{"key":"2020022811094233800_tyaa004-B19","first-page":"93","article-title":"Critical visualization: a case for rethinking how we visualize risk and security","volume":"1","author":"Hall","year":"2015","journal-title":"J Cybersecur"},{"key":"2020022811094233800_tyaa004-B20","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/978-3-540-78243-8_2","volume-title":"VizSEC 2007","author":"D\u2019Amico","year":"2008"},{"key":"2020022811094233800_tyaa004-B21","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1108\/09685220910944722","article-title":"An integrated view of human, organizational, and technological challenges of it security management","volume":"17","author":"Werlinger","year":"2009","journal-title":"IMCS"},{"key":"2020022811094233800_tyaa004-B22","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1108\/09685221011035241","article-title":"Preparation, detection, and analysis: the diagnostic work of it security incident response","volume":"18","author":"Werlinger","year":"2010","journal-title":"Information Management & Computer Security"},{"key":"2020022811094233800_tyaa004-B23","first-page":"229","volume-title":"Proceedings of the Human Factors and Ergonomics Society Annual Meeting","author":"D\u2019Amico","year":"2005"},{"first-page":"3789","year":"2008","author":"Werlinger","key":"2020022811094233800_tyaa004-B24"},{"year":"2016","author":"Sundaramurthy","key":"2020022811094233800_tyaa004-B25"},{"key":"2020022811094233800_tyaa004-B26","doi-asserted-by":"crossref","first-page":"584","DOI":"10.1016\/j.ijhcs.2009.03.002","article-title":"Security practitioners in context: their activities and interactions with other stakeholders within organizations","volume":"67","author":"Werlinger","year":"2009","journal-title":"Int J Hum Comput Stud"},{"year":"2009","author":"Brown","key":"2020022811094233800_tyaa004-B27"},{"first-page":"109","year":"2000","author":"Gilfix","key":"2020022811094233800_tyaa004-B28"},{"first-page":"235","year":"2012","author":"Giot","key":"2020022811094233800_tyaa004-B29"},{"key":"2020022811094233800_tyaa004-B30","doi-asserted-by":"crossref","first-page":"5214","DOI":"10.1016\/j.promfg.2015.07.589","article-title":"Augmenting cyber defender performance and workload through sonified displays","volume":"3","author":"Mancuso","year":"2015","journal-title":"Procedia Manuf"},{"first-page":"90","year":"2004","author":"Papadopoulos","key":"2020022811094233800_tyaa004-B31"},{"key":"2020022811094233800_tyaa004-B32","doi-asserted-by":"crossref","first-page":"1634","DOI":"10.1007\/978-3-540-76843-2_36","volume-title":"On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and Is","author":"Qi","year":"2007"},{"key":"2020022811094233800_tyaa004-B33","first-page":"3","article-title":"Auralization of intrusion detection system using Jlisten","volume":"22","author":"Gopinath","year":"2004","journal-title":"Development"},{"first-page":"14","year":"2015","author":"Kaczmarek","key":"2020022811094233800_tyaa004-B34"},{"key":"2020022811094233800_tyaa004-B35","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1109\/MSP.2017.4251110","article-title":"An exploration of the effects of sensory stimuli on the completion of security tasks","volume":"15","author":"Berg","year":"2017","journal-title":"IEEE Priv Secur"},{"key":"2020022811094233800_tyaa004-B36","first-page":"378","article-title":"Positive effects of noise on cognitive performance: explaining the moderate brain arousal model. In: Proceedings of the 9th Congress of the International Commission on the Biological Effects of Noise","author":"S\u00f6derlund","year":"2008","journal-title":"Leibniz Gemeinschaft"},{"key":"2020022811094233800_tyaa004-B37","doi-asserted-by":"crossref","first-page":"287","DOI":"10.1111\/j.1745-3984.1985.tb01065.x","article-title":"Face validity revisited","volume":"22","author":"Nevo","year":"1985","journal-title":"J Educ Meas"},{"key":"2020022811094233800_tyaa004-B38","doi-asserted-by":"crossref","first-page":"453","DOI":"10.1006\/ijhc.2001.0486","article-title":"Context of use within usability activities","volume":"55","author":"Maguire","year":"2001","journal-title":"Int J Hum Comput Stud"},{"key":"2020022811094233800_tyaa004-B39","doi-asserted-by":"crossref","first-page":"1377","DOI":"10.1016\/j.clinph.2007.01.025","article-title":"Event-based sonification of EEG rhythms in real time","volume":"118","author":"Baier","year":"2007","journal-title":"Clin Neurophysiol"},{"key":"2020022811094233800_tyaa004-B40","doi-asserted-by":"crossref","first-page":"e56","DOI":"10.1371\/journal.pbio.0040056","article-title":"Visual clutter causes high-magnitude errors","volume":"4","author":"Baldassi","year":"2006","journal-title":"PLoS Biol"},{"first-page":"84","year":"2012","author":"Ballora","key":"2020022811094233800_tyaa004-B41"},{"year":"2014","author":"Etoty","key":"2020022811094233800_tyaa004-B42"},{"year":"2013","author":"Merced","key":"2020022811094233800_tyaa004-B43"},{"key":"2020022811094233800_tyaa004-B44","doi-asserted-by":"crossref","first-page":"11641","DOI":"10.1523\/JNEUROSCI.0873-09.2009","article-title":"\u2018Multisensory congruency as a mechanism for attentional control over perceptual selection","volume":"29","author":"van Ee","year":"2009","journal-title":"J Neurosci"},{"first-page":"55","year":"1932","author":"Likert","key":"2020022811094233800_tyaa004-B45"},{"first-page":"2391","year":"2010","author":"Kaptein","key":"2020022811094233800_tyaa004-B46"},{"first-page":"21","year":"2011","author":"Nurse","key":"2020022811094233800_tyaa004-B47"},{"key":"2020022811094233800_tyaa004-B48","doi-asserted-by":"crossref","first-page":"1217","DOI":"10.1111\/j.1365-2929.2004.02012.x","article-title":"Likert scales: how to (ab) use them","volume":"38","author":"Jamieson","year":"2004","journal-title":"Med Educ"},{"key":"2020022811094233800_tyaa004-B49","doi-asserted-by":"crossref","first-page":"625","DOI":"10.1007\/s10459-010-9222-y","article-title":"Likert scales, levels of measurement and the \u2018laws\u2019 of statistics","volume":"15","author":"Norman","year":"2010","journal-title":"Adv Health Sci Educ"},{"key":"2020022811094233800_tyaa004-B50","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1145\/2160718.2160721","article-title":"Likert-type scales, statistical methods, and effect sizes","volume":"55","author":"Robertson","year":"2012","journal-title":"Commu ACM"},{"first-page":"118","year":"1998","author":"King","key":"2020022811094233800_tyaa004-B51"},{"key":"2020022811094233800_tyaa004-B52","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1016\/j.cose.2019.03.004","article-title":"Hearing attacks in network data: an effectiveness study","volume":"83","author":"Axon","year":"2019","journal-title":"Comput Secur"},{"year":"2019","author":"Axon","key":"2020022811094233800_tyaa004-B53"},{"volume-title":"Auditory Display: Sonification, Audification, and Auditory Interfaces","year":"2000","author":"Kramer","key":"2020022811094233800_tyaa004-B54"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa004\/32708660\/tyaa004.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa004\/32708660\/tyaa004.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,27]],"date-time":"2023-09-27T21:07:34Z","timestamp":1695848854000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaa004\/5766338"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,1]]},"references-count":54,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaa004","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"type":"print","value":"2057-2085"},{"type":"electronic","value":"2057-2093"}],"subject":[],"published-other":{"date-parts":[[2020]]},"published":{"date-parts":[[2020,1,1]]},"article-number":"tyaa004"}}