harp and data

Turning network traffic data into music to spot anomalies

Sifting through network traffic data to spot anomalies that could indicate security issues, even when automation filters out false positives, leaves analysts monitoring massive amounts of data.  Now, though, scientists at Carnegie Mellon’s CyLab have developed a novel way of detecting abnormal behavior that lets users listen, rather than look, at cybersecurity data for deviations.

Researchers at CMU’s security and privacy institute have developed a musical mapping algorithm that transforms a dataset into a structured soundscape, allowing humans to hear the numbers, according to their paper.

“We wanted to articulate normal and abnormal patterns through music,” CyLab Senior Systems Scientist Yang Cai said. “The process of sonification -- using audio to perceptualize data -- is not new, but sonification to make data more appealing to the human ear is.”

The researchers tried several different “sound mapping” algorithms, changing datasets into music with various melodies, harmonies, time signatures, and tempos, according to a CyLab press report. They used a harp to perform Baroque style rhythm and timing and with an electronic online pitch sequencer.

“The researchers assigned specific notes to the 10 digits that make up any number found in data: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9,” CyLab reported. “To represent the third and fourth digits of the mathematical constant Pi -- 4 and 1 -- they modified the time signature of one measure to 4/4 and the following measure to 1/4.”

With this formula, the team transposed traffic data from a malware distribution network into music and played it for non-musicians who could accurately recognize deviations in pitch that indicated a change in the network traffic. When the music was combined with a visualization of the data, listeners could more easily grasp the patterns.

sonification of Pi

Click number block above to play music.

“We are not only making music, but turning abstract data into something that humans can process,” the authors wrote in their study.

Cai said he expects that cybersecurity data will one day be explored through virtual reality, where the data in the network can be both seen and heard. As analysts use virtual reality to move closer to an individual data point in the network, they would also hear music that represents that data.

“The idea is to use all of humans’ sensory channels to explore this cyber analytical space,” Cai said.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected