Abstract
Computer security competitions have been playing a significant role in encouraging students to get into cybersecurity, as well as enhancing the cybersecurity education system. The level of difficulty of the computer security tasks could be intimidating for most students and learners, one of the reasons there has been a shortage of cybersecurity professionals, in addition to that the lack of technical training and materials. The risks posed by the cyberattacks keep constantly evolving that positions the cybersecurity education as constantly changing area, which are at times hard to teach. Furthermore, the cybersecurity laboratories are hard to setup and the assessment tools are not accurate. This obviously impacts the proper engagement of students and the learning outcomes. To address these issues, we propose a game-based learning platform to enhance cybersecurity education. The platform applies an adapted ARCS motivational model to design and evaluate different challenges, it includes a virtual lab for students with the necessary tools for practice and a web portal where all challenges and learning materials are hosted. The aim is to help students learn at their own pace about different cybersecurity challenges, give them the opportunity to gain hacking skills with ethics taken in mind in a much safer environment. Learning by solving fun puzzles and playing educational games has a huge impact on students’ performances in cybersecurity. Although the contributed solution is developed for UAE University, we believe it imparts same gains in similar educational institutes.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Alqahtani, H., & Kavakli-Thorne, M. (2020). Design and evaluation of an augmented reality game for cybersecurity awareness (cybar). Information, 11(2). [Online] Available: https://www.mdpi.com/2078-2489/11/2/121.
Awojana, T., & Chou, T. S. (2019). Overview of learning cybersecurity through game based systems. In Proceeding of the 2019 conference for industry and education collaboration, CIEC 2019.
Balaban, M., Parise, F., & Mastaglio, T. (2016). Towards an instructional design method to develop m&s supported port management instructions.
Burket, J., Chapman, P., Becker, T., Ganas, C., & Brumley, D. (2015). Automatic problem generation for capture-the-flag competitions. In 2015 USENIX Summit on gaming, games, and gamification in security education, 3GSE 2015.
Chapman, P., Burket, J., & Brumley, D. (2014). PicoCTF: A game-based computer security competition for high school students. In 2014 USENIX Summit on gaming, games, and gamification in security education, 3GSE 2014.
Cisco. (2015). What is cybersecurity? [Online]. Available: https://www.cisco.com/c/en_ae/products/security/what-is-cybersecurity.html.
Dennen, V. (2004). Cognitive apprenticeship in educational practic: Research on scaffolding, modeling, mentoring, and coaching as instructional strategies. Handbook of Research on Educational Communications and Technology.
Dunphy, B., & Dunphy, S. (2003). Assisted performance and the zone of proximal development (zpd); a potential framework for providing surgical education. Australian Journal of Educational and Developmental Psychology, 3, 48–58.
Giannakas, F., Kambourakis, G., & Gritzalis, S. (2015). Cyberaware: A mobile game-based app for cybersecurity education and awareness. In 2015 International conference on interactive mobile communication technologies and learning (IMCL) (pp. 54–58): IEEE. [Online]. Available: http://ieeexplore.ieee.org/document/7359553/.
Giannakas, F., Papasalouros, A., Kambourakis, G., & Gritzalis, S. (2019). A comprehensive cybersecurity learning platform for elementary education. Information Security Journal: A Global Perspective, 28(3), :81–106. [Online]. Available: https://doi.org/10.1080/19393555.2019.1657527.
Gonzalez, H., Llamas-Contreras, R., & Ordaz, F. (2017). Cybersecurity teaching through gamification: Aligning training resources to our syllabus. Research in Computing Science, 146, 35–43.
Graham, K., Anderson, J., Rife, C., Heitmeyer, B., Patel, P. R., Nykl, S., Lin, A. C., & Merkle, L. D. (2020). Cyberspace Odyssey: A Competitive Team-Oriented Serious Game in Computer Networking. IEEE Transactions on Learning Technologies, 13(3), 502–515. [Online]. Available: https://ieeexplore.ieee.org/document/9138771/.
Gultom, R. A., & Alrianto, B. (2017). Enhancing network security environment by empowering modeling and simulation strategy. In Proc. 11th int. Conf. Internet monit. protection (pp. 45–52).
Harmon, T. D. (2016). Cyber security capture the flag (ctf): What is it? [Online]. Available: https://blogs.cisco.com/perspectives/cyber-security-capture-the-flag-ctf-what-is-it.
Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A Serious Game for Cyber Security Awareness and Education. Computers & Security, 95, 101827. [Online] Available: https://linkinghub.elsevier.com/retrieve/pii/S0167404820301012.
Jordan, C., Knapp, M., Mitchell, D., Claypool, M., & Fisler, K. (2011). Countermeasures: A game for teaching computer security. In Annual workshop on network and systems support for games.
Kaneko, K., Saito, Y., Nohara, Y., Kudo, E., & Yamada, M. (2015). A game-based learning environment using the arcs model at a university library.
Kaspersky. (2007). What is cyber security? [Online]. Available: https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security.
Kucek, S., & Leitner, M. (2020). An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments. Journal of Network and Computer Applications, 151, 102470. [Online] Available: https://linkinghub.elsevier.com/retrieve/pii/S1084804519303303.
Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., & Hong, J. (2010). Teaching johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), 10(2), 7.
Lehrfeld, M., & Guest, P. (2016). Building an ethical hacking site for learning and student engagement. In Southeastcon 2016 (pp. 1–6).
Margalit, O. (2016). Using computer programming competition for cyber education. In 2016 IEEE International conference on software science, technology and engineering (SWSTE) (pp. 104–107).
Nagarajan, A., Allbeck, J. M., Sood, A., & Janssen, T. L. (2012). Exploring game design for cybersecurity training. In 2012 IEEE International conference on cyber technology in automation, control, and intelligent systems (CYBER) (pp. 256–262).
Oo, B. L., & Lim, B. T. T.-H. (2016). Game-based learning in construction management courses: a case of bidding game. Engineering, Construction and Architectural Management, 23(1), 4–19. [Online]. Available: https://www.emerald.com/insight/content/doi/10.1108/ECAM-02-2015-0029/full/html.
Pusey, P., Gondree, M., & Peterson, Z. (2016). The outcomes of cybersecurity competitions and implications for underrepresented populations. IEEE Security Privacy, 14(6), 90–95.
Resources, E. I. (2021). Talent LMS Survey Results, Gartner Research, Gamification in corporate training – infographic. Journal of Network and Computer Applications, 151, 102470. [Online] Available: https://www.pulselearning.com/blog/gamification-infographic.
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., & Nunge, E. (2007). Anti-Phishing Phil. In Proceedings of the 3rd symposium on Usable privacy and security - SOUPS ’07. [Online]. Available: http://portal.acm.org/citation.cfm?doid=1280680.1280692, (Vol. 229 p. 88). New York: ACM Press.
Srikwan, S., & Jakobsson, M. (2008). Using cartoons to teach internet security. Cryptologia. 32. 137–154. https://doi.org/10.1080/01611190701743724.
trainingindustry. (2020). Learning content management system lcms.
Twitchell, D. (2007). Securitycom: A Multi-Player Game for Researching and Teaching Information Security Teams. Journal of Digital Forensics, Security and Law. [Online] Available: http://commons.erau.edu/jdfsl/vol2/iss4/1/.
Tupsamudre, H., Vaddepalli, S., Banahatti, V., & Lodha, S. (2018). TinPal: An Enhanced Interface for Pattern Locks. In Workshop on Usable Security (USEC 2018). Internet Society. https://doi.org/10.14722/usec.2018.23021.
Xuquan, S. C., & Kim, Y. C. (2011). A cyberciege traffic analysis extension for teaching network security. [Online] Available: https://calhoun.nps.edu/handle/10945/10578.
Acknowledgements
Authors are thankful to the students (Yousuf Shamsi, Nouf Alneyadi, Meera Ahmed AlToom, Ahmad Alnajjar, Shamma Alshamsi), who have contributed in parts to the paper through their course work of Research Methods.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Khan, M.A., Merabet, A., Alkaabi, S. et al. Game-based learning platform to enhance cybersecurity education. Educ Inf Technol 27, 5153–5177 (2022). https://doi.org/10.1007/s10639-021-10807-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10639-021-10807-6