BSIDES Cape Town 2018 - Hearing the Internet Background Radiation - Brent Shaw & Sean Davenport

Network telescopes provide key insight into various large scale internet events that take place, and are a key focusing ring for the identification of strange request behaviour. The traffic that these telescopes see is often referred to internet background radiation. When visualising data, the ability of a researcher to draw meaning from the events presented is limited by the projection of the data. While 3 dimensional space can be projected onto a 2D plane, this still limits the amount of information we can process when looking at a visualisation. Data sonification might provide a higher dimensional medium with which to investigate data. 3D audio spatialisation, combined with amplitude and spectral manipulation allows for an interesting approach to analysing network telescope data. This sonification technique can be used to identify and investigate events captured by telescopes, such as various forms of scanning, malware and other unsolicited traffic. In this presentation we will discuss methods of sonifying telescope data. In particular we will look into a spatialisation technique known as Ambisonics, and how this can be used as a spatial projection method to denote packet origins and data flows. We will also determine mappings of packet parameters to audio processes that define the timbre, tonality and mood of the sonification to aid in analysis. This presentation will cover various techniques that are used make the identification of network events within sonified data recognisable to a listener. Since hearing is different to seeing, this method can be used in conjunction with visual rendering techniques to provide enriched analysis of data. Speakers: Twitter - https://twitter.com/_Brent_Shaw