From cyber-security deception to manipulation and gratification through gamification
Bellekens, Xavier and Jayasekera, Gayan and Hindy, Hanan and Bureš, Miroslav and Brosset, David and Tachtatzis, Christos and Atkinson, Robert (2019) From cyber-security deception to manipulation and gratification through gamification. In: 21st International Conference on Human-Computer Interaction, 2019-07-26 - 2019-07-31, Walt Disney World Swan and Dolphin Resort. (https://doi.org/10.1007/978-3-030-22351-9_7)
Preview |
Text.
Filename: Bellekens_etal_HCI2019_From_cyber_security_deception_to_manipulation_and_gratification.pdf
Accepted Author Manuscript Download (761kB)| Preview |
Abstract
Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine.
ORCID iDs
Bellekens, Xavier, Jayasekera, Gayan, Hindy, Hanan, Bureš, Miroslav, Brosset, David, Tachtatzis, Christos ORCID: https://orcid.org/0000-0001-9150-6805 and Atkinson, Robert ORCID: https://orcid.org/0000-0002-6206-2229;-
-
Item type: Conference or Workshop Item(Paper) ID code: 66566 Dates: DateEvent31 July 2019Published26 October 2018AcceptedNotes: Part of the Lecture Notes in Computer Science book series (LNCS, volume 11594). Subjects: Science > Mathematics > Electronic computers. Computer science Department: Faculty of Engineering > Electronic and Electrical Engineering
Strategic Research Themes > Measurement Science and Enabling TechnologiesDepositing user: Pure Administrator Date deposited: 15 Jan 2019 11:04 Last modified: 11 Nov 2024 16:56 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/66566