Open Access
Subscription Access
Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to provide Cyber Security Awareness for Various Group of Practitioners
Cyber attacks produced a massive impact for all online users, interrupted intended user’s internet services, financial losses, business interruptions for a large-scale industry. A proper cyber security education is must for the employees of an organization. The management prefers active based learning environment to train all non-IT and non-professionals working in an organization. This research work concentrates on development of gaming platform in both local host and in an online mode as a videogame for cyber security education. With this regard, Cyber Awareness Learning Imitation Environment – a card deck gaming environment is proposed where attackers can choose the attack cards to learn various cyber-attacks, defense cards are used for providing the suitable defense mechanism, Instruction card- to be used for learning about how to generate cyber-attacks and recent incident card used to train the players with recent incidents of various cyber-attacks discussed such as malware attack, phishing attack, password attack, Man-in-the-Middle attack, Structured Query Language injection attack, denial of service attack, insider threats, crypto jacking, zero-day exploit and watering hole attack. Questionnaire based feedback report is collected from the players to analyze their understanding about various cyber-attacks.
Keywords
Active Learning, Card-Deck Game, Cyber Attacks, Cyber Education, Cyber Education Training Methods, Gaming Environment
User
Font Size
Information
- Rathore, H., Samavedhi, A., Sahay, S.K. and Sewak,M.,2021. Robust malware detection models: learning from adversarial attacks and defenses. Forensic Science International: Digital Investigation, 37, p.301183.
- Bhardwaj, A., Al-Turjman, F., Sapra, V., Kumar, M.and Stephan, T., 2021. Privacy-aware detection framework to mitigate new-age phishing attacks. Computers & Electrical Engineering, 96, pp.107546.
- Kwon, T. and Song, J., 1998. Efficient and secure password-based authentication protocols against guessing attacks. Computer communications, 21(9), pp.853-861.
- Lu, J.Z. and Zhou, J., 2012. Preventing delegationbased mobile authentications from man-in-themiddle attacks. Computer Standards & Interfaces, 34(3), pp.314-326.
- Natarajan, K. and Subramani, S., 2012. Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks. Procedia Technology, 4, pp.790-796.
- Ramasubramanian, B., Rajan, M.A., Chandra, M.G., Cleaveland, R. and Marcus, S.I., 2022. Resilience to denial-of-service and integrity attacks: A structured systems approach. European Journal of Control, 63, pp.61-69.
- Wei, Y., Chow, K.P. and Yiu, S.M., 2021. Insider threat prediction based on unsupervised anomaly detection scheme for proactive forensic investigation. Forensic Science International: Digital Investigation, 38, pp.301126.
- Xu, G., Dong, W., Xing, J., Lei, W., Liu, J., Gong, L., Feng, M., Zheng, X. and Liu, S., 2022. Delay- CJ: A novel cryptojacking covert attack method based on delayed strategy and its detection. Digital Communications and Networks.
- Singh, U.K., Joshi, C. and Kanellopoulos, D., 2019. A framework for zero-day vulnerabilities detection and prioritization. Journal of Information Security and Applications, 46, pp.164- 172.
- Ismail, K.A., Singh, M.M., Mustaffa, N., Keikhosrokiani, P. and Zulkefli, Z., 2017. Security strategies for hindering watering hole cyber crime attack. Procedia Computer Science, 124, pp.656- 663. [11] Li Y, Liu Q. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports. 2021 Nov 1;7: pp. 8176-86.
- Alghamdie, M.I., 2021. A novel study of preventing the cyber security threats. Materials Today: Proceedings.
- Bhol, S.G., Mohanty, J.R. and Pattnaik, P.K., 2021. Taxonomy of cyber security metrics to measure strength of cyber security. Materials Today: Proceedings.
- Hart, S., Margheri, A., Paci, F. and Sassone, V., 2020. Riskio: A serious game for cyber security awareness and education. Computers & Security, 95, p.101827.
- Zha, L., Liao, R., Liu, J., Cao, J. and Xie, X., 2022. Dynamic event-triggered security control of cyber-physical systems against missing measurements and cyber-attacks. Neurocomputing.
- https://www.statista.com/statistics/266161/website s-most-affected-by-phishing/
- Ali, W., 2017. Phishing website detection based on supervised machine learning with wrapper features selection. International Journal of Advanced Computer Science and Applications, 8(9).
- A. Mishra, B.B. Gupta Intelligent phishing detection system using similarity matching algorithms Int. J. Inf. Commun. Technol., 12 (2018), pp. 51-73
- Gupta, B.B., Chaudhary, P., Chang, X. and Nedjah, N., 2022. Smart defense against distributed Denial of service attack in IoT networks using supervised learning classifiers. Computers & Electrical Engineering, 98, p.107726.
- Rao, Y.S., Keshri, A.K., Mishra, B.K. and Panda, T.C., 2020. Distributed denial of service attack on targeted resources in a computer network for critical infrastructure: A differential e-epidemic model. Physica A: Statistical Mechanics and Its Applications, 540, p.123240.
- Ismail, S., Hassen, H.R., Just, M. and Zantout, H., 2021. A review of amplification-based distributed denial of service attacks and their mitigation. Computers & Security, 109, p.102380.
- Ahmad, S., Umirzakova, S., Jamil, F. and Whangbo, T.K., 2022. Internet-of-things-enabled serious games: A comprehensive survey. Future Generation Computer Systems.
- Sviridov, G., Bonola, M., Tulumello, A., Giaccone, P., Bianco, A. and Bianchi, G., 2021. LOcAl DEcisions on Replicated States (LOADER) in programmable dataplanes: Programming abstraction and experimental evaluation. Computer Networks, 184, p.107637.
- Kaur, S., Kumar, K., Aggarwal, N. and Singh, G., 2021. A comprehensive survey of DDoS defense solutions in SDN: Taxonomy, research challenges, and future directions. Computers & Security, 110, p.102423.
- Myneni, S., Chowdhary, A., Huang, D. and Alshamrani, A., 2022. SmartDefense: A distributed deep defense against DDoS attacks with edge computing. Computer Networks, 209, p.108874.
- Chen, H.B., Chen, T.H., Lee, W.B. and Chang, C.C., 2008. Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks. Computer Standards & Interfaces, 30(1-2), pp.95- 99.
- Satoh, A., Nakamura, Y. and Ikenaga, T., 2015. A flow-based detection method for stealthy dictionary attacks against Secure Shell. Journal of Information Security and Applications, 21, pp.31- 41.
- Joshi, A., Wazid, M. and Goudar, R.H., 2015. An efficient cryptographic scheme for text message protection against brute force and cryptanalytic attacks. Procedia Computer Science, 48, pp.360- 366.
- Boyle, R.J. and Panko, R., 2012. Corporate computer security. Prentice Hall Press.
- Pang, Z.H., Fan, L.Z., Sun, J., Liu, K. and Liu, G.P., 2021. Detection of stealthy false data injection attacks against networked control systems via active data modification. Information Sciences, 546, pp.192-205.
- Ren, X.X. and Yang, G.H., 2020. Adaptive control for nonlinear cyber‐physical systems under false data injection attacks through sensor networks. International Journal of Robust and Nonlinear Control, 30(1), pp.65-79.
- Wang, J.S. and Yang, G.H., 2018. Data-driven methods for stealthy attacks on TCP/IP-based networked control systems equipped with attack detectors. IEEE transactions on cybernetics, 49(8), pp.3020-3031.
- Natarajan, K. and Subramani, S., 2012. Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks. Procedia Technology, 4, pp.790-796.
- Zhang, Z., Zhang, Y., Guo, D., Yao, L. and Li, Z., 2022. SecFedNIDS: Robust defense for poisoning attack against federated learning-based network intrusion detection system. Future Generation Computer Systems, 134, pp.154-169.
- Katsantonis, M.N., Mavridis, I. and Gritzalis, D., 2021. Design and evaluation of cofelet-based approaches for cyber security learning and training. Computers & Security, 105, p.102263.
- Kandasamy, N.K., Venugopalan, S., Wong, T.K. and Leu, N.J., 2022. An electric power digital twin for cyber security testing, research and education. Computers and Electrical Engineering, 101, p.108061.
- O’Connor, S., Hasshu, S., Bielby, J., Colreavy- Donnelly, S., Kuhn, S., Caraffini, F. and Smith, R., 2021. SCIPS: A serious game using a guidance mechanic to scaffold effective training for cyber security. Information Sciences, 580, pp.524-540.
- Zhang, Y. and Malacaria, P., 2021. Bayesian Stackelberg games for cyber-security decision support. Decision Support Systems, 148, p.113599.
- Wolfenden, B., 2019. Gamification as a winning cyber security strategy. Computer Fraud & Security, 2019(5), pp.9-12.
- Cone, B.D., Irvine, C.E., Thompson, M.F. and Nguyen, T.D., 2007. A video game for cyber security training and awareness. computers & security, 26(1), pp.63-72.
Abstract Views: 197
PDF Views: 0