Grouping and Determining Perceived Severity of Cyber-Attack Consequences: Gaining Information Needed to Sonify Cyber-Attacks

Cyber-attacks are a continuing problem. These attacks are problematic for users who are visually impaired and cannot rely on visual cues to indicate a potential cyber-attack. Sonification is an alternative way to help users who are visually impaired detect potential cyber-attacks. Sonification provides information to users using non-speech sounds. Sonification could provide users who are visually impaired with information on potential cyber-attack consequences that could stem from their actions. However, there are two challenges with sonifying cyber-attack consequences. First, there are many potential cyber-attack consequences to sonify, and humans have a limited ability to remember associations between sonifications and their meanings. Second, cyber-attack warning messages are better trusted when they align the severity of the consequences with the user’s perceived severity. However, we do not know the perceived severity of individual consequences. Therefore, we need to reduce the number of consequences to sonify and to determine the perceived severity of these consequences. We had non-expert participants group cyber-attack consequences based on perceived similarity. Analyses revealed that participants’ groupings formed seven clusters. We then had non-expert participants rate the perceived severity of each cyber-attack consequence. Those ratings were used to determine the perceived severity of each cluster. These efforts resulted in a set of cyber-attack consequence clusters that (a) is small enough that users should be able to remember associations between sonifications and their meanings, and (b) can be sonified in a way that reflects users’ perceptions regarding the severity of the clustered cyber-attack consequences. As such, the results of these studies are critical steps towards creating effective sonifications that serve as cyber-security warning messages.