Open Access Open Access  Restricted Access Subscription Access

Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to provide Cyber Security Awareness for Various Group of Practitioners


Affiliations
1 Department of Information Technology, SASTRA Deemed University, Thanjavur - 613 401, India
2 Department of Computer Science, SASTRA Deemed University, Thanjavur – 613 401
 

Cyber attacks produced a massive impact for all online users, interrupted intended user’s internet services, financial losses, business interruptions for a large-scale industry. A proper cyber security education is must for the employees of an organization. The management prefers active based learning environment to train all non-IT and non-professionals working in an organization. This research work concentrates on development of gaming platform in both local host and in an online mode as a videogame for cyber security education. With this regard, Cyber Awareness Learning Imitation Environment – a card deck gaming environment is proposed where attackers can choose the attack cards to learn various cyber-attacks, defense cards are used for providing the suitable defense mechanism, Instruction card- to be used for learning about how to generate cyber-attacks and recent incident card used to train the players with recent incidents of various cyber-attacks discussed such as malware attack, phishing attack, password attack, Man-in-the-Middle attack, Structured Query Language injection attack, denial of service attack, insider threats, crypto jacking, zero-day exploit and watering hole attack. Questionnaire based feedback report is collected from the players to analyze their understanding about various cyber-attacks.

Keywords

Active Learning, Card-Deck Game, Cyber Attacks, Cyber Education, Cyber Education Training Methods, Gaming Environment
User
Notifications
Font Size

  • Rathore, H., Samavedhi, A., Sahay, S.K. and Sewak,M.,2021. Robust malware detection models: learning from adversarial attacks and defenses. Forensic Science International: Digital Investigation, 37, p.301183.
  • Bhardwaj, A., Al-Turjman, F., Sapra, V., Kumar, M.and Stephan, T., 2021. Privacy-aware detection framework to mitigate new-age phishing attacks. Computers & Electrical Engineering, 96, pp.107546.
  • Kwon, T. and Song, J., 1998. Efficient and secure password-based authentication protocols against guessing attacks. Computer communications, 21(9), pp.853-861.
  • Lu, J.Z. and Zhou, J., 2012. Preventing delegationbased mobile authentications from man-in-themiddle attacks. Computer Standards & Interfaces, 34(3), pp.314-326.
  • Natarajan, K. and Subramani, S., 2012. Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks. Procedia Technology, 4, pp.790-796.
  • Ramasubramanian, B., Rajan, M.A., Chandra, M.G., Cleaveland, R. and Marcus, S.I., 2022. Resilience to denial-of-service and integrity attacks: A structured systems approach. European Journal of Control, 63, pp.61-69.
  • Wei, Y., Chow, K.P. and Yiu, S.M., 2021. Insider threat prediction based on unsupervised anomaly detection scheme for proactive forensic investigation. Forensic Science International: Digital Investigation, 38, pp.301126.
  • Xu, G., Dong, W., Xing, J., Lei, W., Liu, J., Gong, L., Feng, M., Zheng, X. and Liu, S., 2022. Delay- CJ: A novel cryptojacking covert attack method based on delayed strategy and its detection. Digital Communications and Networks.
  • Singh, U.K., Joshi, C. and Kanellopoulos, D., 2019. A framework for zero-day vulnerabilities detection and prioritization. Journal of Information Security and Applications, 46, pp.164- 172.
  • Ismail, K.A., Singh, M.M., Mustaffa, N., Keikhosrokiani, P. and Zulkefli, Z., 2017. Security strategies for hindering watering hole cyber crime attack. Procedia Computer Science, 124, pp.656- 663. [11] Li Y, Liu Q. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports. 2021 Nov 1;7: pp. 8176-86.
  • Alghamdie, M.I., 2021. A novel study of preventing the cyber security threats. Materials Today: Proceedings.
  • Bhol, S.G., Mohanty, J.R. and Pattnaik, P.K., 2021. Taxonomy of cyber security metrics to measure strength of cyber security. Materials Today: Proceedings.
  • Hart, S., Margheri, A., Paci, F. and Sassone, V., 2020. Riskio: A serious game for cyber security awareness and education. Computers & Security, 95, p.101827.
  • Zha, L., Liao, R., Liu, J., Cao, J. and Xie, X., 2022. Dynamic event-triggered security control of cyber-physical systems against missing measurements and cyber-attacks. Neurocomputing.
  • https://www.statista.com/statistics/266161/website s-most-affected-by-phishing/
  • Ali, W., 2017. Phishing website detection based on supervised machine learning with wrapper features selection. International Journal of Advanced Computer Science and Applications, 8(9).
  • A. Mishra, B.B. Gupta Intelligent phishing detection system using similarity matching algorithms Int. J. Inf. Commun. Technol., 12 (2018), pp. 51-73
  • Gupta, B.B., Chaudhary, P., Chang, X. and Nedjah, N., 2022. Smart defense against distributed Denial of service attack in IoT networks using supervised learning classifiers. Computers & Electrical Engineering, 98, p.107726.
  • Rao, Y.S., Keshri, A.K., Mishra, B.K. and Panda, T.C., 2020. Distributed denial of service attack on targeted resources in a computer network for critical infrastructure: A differential e-epidemic model. Physica A: Statistical Mechanics and Its Applications, 540, p.123240.
  • Ismail, S., Hassen, H.R., Just, M. and Zantout, H., 2021. A review of amplification-based distributed denial of service attacks and their mitigation. Computers & Security, 109, p.102380.
  • Ahmad, S., Umirzakova, S., Jamil, F. and Whangbo, T.K., 2022. Internet-of-things-enabled serious games: A comprehensive survey. Future Generation Computer Systems.
  • Sviridov, G., Bonola, M., Tulumello, A., Giaccone, P., Bianco, A. and Bianchi, G., 2021. LOcAl DEcisions on Replicated States (LOADER) in programmable dataplanes: Programming abstraction and experimental evaluation. Computer Networks, 184, p.107637.
  • Kaur, S., Kumar, K., Aggarwal, N. and Singh, G., 2021. A comprehensive survey of DDoS defense solutions in SDN: Taxonomy, research challenges, and future directions. Computers & Security, 110, p.102423.
  • Myneni, S., Chowdhary, A., Huang, D. and Alshamrani, A., 2022. SmartDefense: A distributed deep defense against DDoS attacks with edge computing. Computer Networks, 209, p.108874.
  • Chen, H.B., Chen, T.H., Lee, W.B. and Chang, C.C., 2008. Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks. Computer Standards & Interfaces, 30(1-2), pp.95- 99.
  • Satoh, A., Nakamura, Y. and Ikenaga, T., 2015. A flow-based detection method for stealthy dictionary attacks against Secure Shell. Journal of Information Security and Applications, 21, pp.31- 41.
  • Joshi, A., Wazid, M. and Goudar, R.H., 2015. An efficient cryptographic scheme for text message protection against brute force and cryptanalytic attacks. Procedia Computer Science, 48, pp.360- 366.
  • Boyle, R.J. and Panko, R., 2012. Corporate computer security. Prentice Hall Press.
  • Pang, Z.H., Fan, L.Z., Sun, J., Liu, K. and Liu, G.P., 2021. Detection of stealthy false data injection attacks against networked control systems via active data modification. Information Sciences, 546, pp.192-205.
  • Ren, X.X. and Yang, G.H., 2020. Adaptive control for nonlinear cyber‐physical systems under false data injection attacks through sensor networks. International Journal of Robust and Nonlinear Control, 30(1), pp.65-79.
  • Wang, J.S. and Yang, G.H., 2018. Data-driven methods for stealthy attacks on TCP/IP-based networked control systems equipped with attack detectors. IEEE transactions on cybernetics, 49(8), pp.3020-3031.
  • Natarajan, K. and Subramani, S., 2012. Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks. Procedia Technology, 4, pp.790-796.
  • Zhang, Z., Zhang, Y., Guo, D., Yao, L. and Li, Z., 2022. SecFedNIDS: Robust defense for poisoning attack against federated learning-based network intrusion detection system. Future Generation Computer Systems, 134, pp.154-169.
  • Katsantonis, M.N., Mavridis, I. and Gritzalis, D., 2021. Design and evaluation of cofelet-based approaches for cyber security learning and training. Computers & Security, 105, p.102263.
  • Kandasamy, N.K., Venugopalan, S., Wong, T.K. and Leu, N.J., 2022. An electric power digital twin for cyber security testing, research and education. Computers and Electrical Engineering, 101, p.108061.
  • O’Connor, S., Hasshu, S., Bielby, J., Colreavy- Donnelly, S., Kuhn, S., Caraffini, F. and Smith, R., 2021. SCIPS: A serious game using a guidance mechanic to scaffold effective training for cyber security. Information Sciences, 580, pp.524-540.
  • Zhang, Y. and Malacaria, P., 2021. Bayesian Stackelberg games for cyber-security decision support. Decision Support Systems, 148, p.113599.
  • Wolfenden, B., 2019. Gamification as a winning cyber security strategy. Computer Fraud & Security, 2019(5), pp.9-12.
  • Cone, B.D., Irvine, C.E., Thompson, M.F. and Nguyen, T.D., 2007. A video game for cyber security training and awareness. computers & security, 26(1), pp.63-72.

Abstract Views: 198

PDF Views: 0




  • Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to provide Cyber Security Awareness for Various Group of Practitioners

Abstract Views: 198  |  PDF Views: 0

Authors

P. Mohana Priya
Department of Information Technology, SASTRA Deemed University, Thanjavur - 613 401, India
Abhijit Ranganathan
Department of Computer Science, SASTRA Deemed University, Thanjavur – 613 401

Abstract


Cyber attacks produced a massive impact for all online users, interrupted intended user’s internet services, financial losses, business interruptions for a large-scale industry. A proper cyber security education is must for the employees of an organization. The management prefers active based learning environment to train all non-IT and non-professionals working in an organization. This research work concentrates on development of gaming platform in both local host and in an online mode as a videogame for cyber security education. With this regard, Cyber Awareness Learning Imitation Environment – a card deck gaming environment is proposed where attackers can choose the attack cards to learn various cyber-attacks, defense cards are used for providing the suitable defense mechanism, Instruction card- to be used for learning about how to generate cyber-attacks and recent incident card used to train the players with recent incidents of various cyber-attacks discussed such as malware attack, phishing attack, password attack, Man-in-the-Middle attack, Structured Query Language injection attack, denial of service attack, insider threats, crypto jacking, zero-day exploit and watering hole attack. Questionnaire based feedback report is collected from the players to analyze their understanding about various cyber-attacks.

Keywords


Active Learning, Card-Deck Game, Cyber Attacks, Cyber Education, Cyber Education Training Methods, Gaming Environment

References