Cadence in Chaos: Sounds of DDoS in NetFlow Logs

For those who appreciate the healing power of music, new research could prove to be a magical security tool. By correlating traffic types from NetFlow logs with sounds of instruments, researchers at Imperva were able to translate changes in network traffic into song.

Inspired by a TED Talk called "Can We Create New Senses for Humans?" presented by Dr. David Eagleman, adjunct professor in the Department of Psychiatry & Behavioral Sciences at Stanford University, Imperva's team wondered whether tapping into the sense of sound could change the way they interpret network traffic.

"Auditory perception, we learned, has a lot of advantages over sight, especially in terms of processing spatial, temporal and volumetric information. The ability to register the most delicate differences in frequency resolution and amplitude opens up a Pandora’s Box worth of possibilities in data perception," Imperva wrote in a blog post.

Turns out that sonification is an effective monitoring tool, so they set to work to figure out how to make the internet sing. In order to collect NetFlow data, they created a Python 3 script, then processed the data into Open Source Control messages which were then converted into sound using a Ruby-based algorithmic synthesizer.

Assigning different instrumental sounds to the varied traffic types created a melody that revealed the ebb and flow of the traffic levels and also revealed shifts in pitch and volume.
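
The pipeline described above (flow records in, one instrument per traffic type, pitch and volume following traffic level, OSC messages out) can be sketched as follows. This is an added example, not Imperva's code: the instrument addresses, the log-scale pitch mapping and the sample flow records are assumptions made here for illustration.

```python
import math
import struct
from collections import defaultdict

# Constructed flow summaries (second, traffic type, packets); not real traffic.
SAMPLE_FLOWS = [
    (0, "tcp", 120), (0, "udp", 40), (0, "icmp", 2),
    (1, "tcp", 130), (1, "udp", 45), (1, "icmp", 2),
    (2, "tcp", 125), (2, "udp", 9000), (2, "icmp", 3),  # constructed UDP surge
]

# Assumed mapping: one OSC address ("instrument") per traffic type.
INSTRUMENT = {"tcp": "/netflow/piano", "udp": "/netflow/bass", "icmp": "/netflow/bell"}

def osc_string(text):
    """OSC string: ASCII, NUL-terminated, zero-padded to a multiple of 4 bytes."""
    raw = text.encode("ascii") + b"\x00"
    return raw + b"\x00" * (-len(raw) % 4)

def osc_message(address, note, amp):
    """Encode an OSC message carrying an int32 note and a float32 amplitude."""
    return osc_string(address) + osc_string(",if") + struct.pack(">if", note, amp)

def level(pps, ceiling=100_000):
    """Log-scale packets per second into 0.0..1.0 so small shifts stay audible."""
    return min(math.log10(max(pps, 1)) / math.log10(ceiling), 1.0)

def to_note(pps, low=40, high=100):
    """Map traffic level to a MIDI note number: more packets, higher pitch."""
    return low + round(level(pps) * (high - low))

def sonify(flows):
    """Sum packets per (second, type) and return (second, type, note, osc_bytes)."""
    buckets = defaultdict(int)
    for second, proto, packets in flows:
        buckets[(second, proto)] += packets
    return [
        (second, proto, to_note(pps),
         osc_message(INSTRUMENT[proto], to_note(pps), level(pps)))
        for (second, proto), pps in sorted(buckets.items())
    ]

if __name__ == "__main__":
    for second, proto, note, msg in sonify(SAMPLE_FLOWS):
        print(second, proto, note, msg.hex())
```

Each `osc_bytes` value is the payload of one UDP datagram for whatever OSC listener plays the sound; in the constructed data the UDP surge in second 2 lifts the bass line from note 59 to note 87.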

A significant shift in traffic would be the harbinger of a DDoS attack. So as not to rely solely on shifts in volume as an alert, the team decided to add an additional mechanism that would really sound an alarm bell and activate a mitigation service. Their choice? The sound of a tomato being squeezed.

"I think we can confidently say this was the first time a tomato has been used in DDoS mitigation. No less important, we’re fairly certain that this was the first time that Wemos or similar technologies (e.g., Arduino) have been used to interact with a Sonic Pi, which was sort of the whole point," the researchers wrote.

The Imperva team proved that cybersecurity research can be both pleasant and fun. More importantly, what they have created could have great potential when it comes to mitigating DDoS attacks. They hope to see the sonorous songs of data become more commonplace in the future of security monitoring.

Source: Information Security Magazine