skip to main content


Title: Sonifying Internet Security Threats
The Internet enables users to access vast resources, but it can also expose users to harmful cyber-attacks. It is imperative that users be informed about a security incident in a timely manner in order to make proper decisions. Visualization of security threats and warnings is one of the effective ways to inform users. However, visual cues are not always accessible to all users, and in particular, those with visual impairments. This late-breaking-work paper hypothesizes that the use of proper sounds in conjunction with visual cues can better represent security alerts to all users. Toward our research goal to validate this hypothesis, we first describe a methodology, referred to as sonification, to effectively design and develop auditory cyber-security threat indicators to warn users about cyber-attacks. Next, we present a case study, along with the results, of various types of usability testing conducted on a number of Internet users who are visually impaired. The presented concept can be viewed as a general framework for the creation and evaluation of human factor interactions with sounds in a cyber-space domain. The paper concludes with a discussion of future steps to enhance this work.  more » « less
Award ID(s):
1347521
NSF-PAR ID:
10186852
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
CHI EA '16: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems
Page Range / eLocation ID:
2306 to 2313
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Abstract

    This paper reports a formative evaluation of auditory representations of cyber security threat indicators and cues, referred to as sonifications, to warn users about cyber threats. Most Internet browsers provide visual cues and textual warnings to help users identify when they are at risk. Although these alarming mechanisms are very effective in informing users, there are certain situations and circumstances where these alarming techniques are unsuccessful in drawing the user’s attention: (1) security warnings and features (e.g., blocking out malicious Websites) might overwhelm a typical Internet user and thus the users may overlook or ignore visual and textual warnings and, as a result, they might be targeted, (2) these visual cues are inaccessible to certain users such as those with visual impairments. This work is motivated by our previous work of the use of sonification of security warnings to users who are visually impaired. To investigate the usefulness of sonification in general security settings, this work uses real Websites instead of simulated Web applications with sighted participants. The study targets sonification for three different types of security threats: (1) phishing, (2) malware downloading, and (3) form filling. The results show that on average 58% of the participants were able to correctly remember what the sonification conveyed. Additionally, about 73% of the participants were able to correctly identify the threat that the sonification represented while performing tasks using real Websites. Furthermore, the paper introduces “CyberWarner”, a sonification sandbox that can be installed on the Google Chrome browser to enable auditory representations of certain security threats and cues that are designed based on several URL heuristics.

    Article highlights

    It is feasible to develop sonified cyber security threat indicators that users intuitively understand with minimal experience and training.

    Users are more cautious about malicious activities in general. However, when navigating real Websites, they are less informed. This might be due to the appearance of the navigating Websites or the overwhelming issues when performing tasks.

    Participants’ qualitative responses indicate that even when they did not remember what the sonification conveyed, the sonification was able to capture the user’s attention and take safe actions in response.

     
    more » « less
  2. Billions of devices in the Internet of Things (IoT) are inter-connected over the internet and communicate with each other or end users. IoT devices communicate through messaging bots. These bots are important in IoT systems to automate and better manage the work flows. IoT devices are usually spread across many applications and are able to capture or generate substantial influx of big data. The integration of IoT with cloud computing to handle and manage big data, requires considerable security measures in order to prevent cyber attackers from adversarial use of such large amount of data. An attacker can simply utilize the messaging bots to perform malicious activities on a number of devices and thus bots pose serious cybersecurity hazards for IoT devices. Hence, it is important to detect the presence of malicious bots in the network. In this paper we propose an evidence theory-based approach for malicious bot detection. Evidence Theory, a.k.a. Dempster Shafer Theory (DST) is a probabilistic reasoning tool and has the unique ability to handle uncertainty, i.e. in the absence of evidence. It can be applied efficiently to identify a bot, especially when the bots have dynamic or polymorphic behavior. The key characteristic of DST is that the detection system may not need any prior information about the malicious signatures and profiles. In this work, we propose to analyze the network flow characteristics to extract key evidence for bot traces. We then quantify these pieces of evidence using apriori algorithm and apply DST to detect the presence of the bots. 
    more » « less
  3. This report discusses Digital Forensics and Cyber-Security and different vulnerabilities that put the users at risk of compromising their sensitive data and making it available to attackers. With the raising of new threats aiming at technology, some people are not aware of hackers stealing their data. This study will discuss what Cyber-Security is and how many people are aware of what it all entails. This study will also recommendations on how to recognize attacks and learn basic terms to help inform the public. The study utilizes surveys of students from Hampton University so the authors can make the proper analysis and recommendations regarding the issue. 
    more » « less
  4. The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using blockchain-based support for detecting threats. In addition, we provide general information about the studied systems and their workings. However, we cannot neglect the recent surveys. To that end, we compare the state-of-the-art DDoS surveys based on their data collection techniques and the discussed DDoS attacks on the IoT subsystems. The study of different IoT subsystems tells us that DDoS attacks also impact other computing systems, such as SCs, networking devices, and power grids. Hence, our work briefly describes DDoS attacks and their impacts on the above subsystems and IoT. For instance, due to DDoS attacks, the targeted computing systems suffer delays which cause tremendous financial and utility losses to the subscribers. Hence, we discuss the impacts of DDoS attacks in the context of associated systems. Finally, we discuss Machine-Learning algorithms, performance metrics, and the underlying technology of IoT systems so that the readers can grasp the detection techniques and the attack vectors. Moreover, associated systems such as Software-Defined Networking (SDN) and Field-Programmable Gate Arrays (FPGA) are a source of good security enhancement for IoT Networks. Thus, we include a detailed discussion of future development encompassing all major IoT subsystems. 
    more » « less
  5. Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions. 
    more » « less