Do You Hear What I Hear? A Cyberattack

Carnegie Mellon University

Cybersecurity analysts deal with enormous amounts of data, especially when monitoring network traffic. Printed out, a single day’s worth of network traffic may rival a thick phonebook. Detecting an abnormality is like finding a needle in a haystack.

"It’s an ocean of data," said Yang Cai (left), a senior systems scientist in Carnegie Mellon University’s CyLab. "The important patterns we need to see become buried."

Cai has been working for years to come up with ways to make abnormalities in network traffic easier to spot. Previously, he and his research group developed a data visualization tool that allowed users to see network traffic patterns, and now he has developed a way to hear them.

In a new study presented at the International Conference on Applied Human Factors and Ergonomics, Cai and two co-authors showed how cybersecurity data can be heard in the form of music. When there’s a change in the network traffic, there is a change in the music.

"We wanted to articulate normal and abnormal patterns through music," Cai said. "The process of sonification - using audio to perceptualize data - is not new, but sonification to make data more appealing to the human ear is."

"The idea is to use all of humans’ sensory channels to explore this cyber analytical space." - Yang Cai

The researchers experimented with several different "sound mapping" algorithms, transforming numerical datasets into music with various melodies, harmonies, time signatures and tempos. For example, the researchers assigned specific notes to the 10 digits that make up any number found in data: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. To represent the third and fourth digits of the mathematical constant pi - 4 and 1 - they modified the time signature of one measure to 4/4 and the following measure to 1/4.

While this all may sound complicated, the researchers found one doesn’t need to be a trained musician to detect these changes in the music. The team created music using network traffic data from a real malware distribution network and presented the music to non-musicians. They found that non-musicians were able to accurately recognize changes in pitch when played on different instruments.

"We are not only making music but turning abstract data into something that humans can process," the authors wrote in the study.

Cai said his vision is that someday, an analyst will be able to explore cybersecurity data with virtual reality goggles presenting the visualization of the network space. When the analyst moves closer to an individual data point, or a cluster of data, music representing that data would gradually become more audible.

"The idea is to use all of humans’ sensory channels to explore this cyber analytical space," Cai said.

While Cai himself is not a trained musician, his two co-authors on the study are. Jakub Polaczyk and Katelyn Croft graduated from CMU’s College of Fine Arts. Polaczyk obtained his Artist Diploma in composition in 2013 and is currently an award-winning composer based in New York City. Croft obtained her master’s degree in harp performance in 2020 and is currently in Taiwan studying the influence of Western music on Asian music.

At CMU, Croft worked in Cai’s lab on a virtual recital project. Polaczyk took Cai’s university-wide course Creativity in 2011 and the two have collaborated ever since.

"This kind of cross-disciplinary collaboration really exemplifies CMU’s strengths," said Cai.
