Abstract
Game-based learning is a promising approach to anti-phishing education, as it fosters motivation and can help reduce the perceived difficulty of the educational material. Over the years, several prototypes for game-based applications have been proposed, that follow different approaches in content selection, presentation, and game mechanics. In this paper, a literature and product review of existing learning games is presented. Based on research papers and accessible applications, an in-depth analysis was conducted, encompassing target groups, educational contexts, learning goals based on Bloom’s Revised Taxonomy, and learning content. As a result of this review, we created the publications on games (POG) data set for the domain of anti-phishing education. While there are games that can convey factual and conceptual knowledge, we find that most games are either unavailable, fail to convey procedural knowledge or lack technical depth. Thus, we identify potential areas of improvement for games suitable for end-users in informal learning contexts.
R. Roepke, K. Koehler and V. Drury—Contributed equally.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
https://dl.acm.org/, last accessed on 2020-07-13.
- 2.
https://scholar.google.de/, last accessed on 2020-07-13.
- 3.
https://ieeexplore.ieee.org/, last accessed on 2020-07-13.
- 4.
https://www.dropbox.com/, last accessed on 2020-04-27.
- 5.
https://github.com/, last accessed 2020-04-07.
- 6.
https://url.spec.whatwg.org/, last accessed 2020-04-07.
References
Shi, F.: Threat Spotlight: Coronavirus-Related Phishing (2020). https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/
Anti-Phishing Working Group: Phishing Attack Trends Report, 4th Quarter 2019. Report, Anti-Phishing Working Group (2020). https://docs.apwg.org/reports/apwg_trends_report_q4_2019.pdf
Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629–3654 (2016). https://doi.org/10.1007/s00521-016-2275-y
Canova, G., Volkamer, M., Bergmann, C., Borza, R.: NoPhish: an anti-phishing education app. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 188–192. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_14
Sheng, S., et al.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Symposium on Usable Privacy and Security, SOUPS 2007, pp. 88–99. ACM, New York (2007)
Hale, M.L., Gamble, R.F., Gamble, P.: CyberPhishing: a game-based platform for phishing awareness testing. In: Hawaii International Conference on System Sciences, Kauai, vol. 48, pp. 5260–5269. IEEE (2015)
Krathwohl, D.R.: A revision of bloom’s taxonomy: an overview. Theory Pract. 41(4), 212–218 (2002)
Alotaibi, F., Furnell, S., Stengel, I., Papadaki, M.: A review of using gaming technology for cyber-security awareness. Inf. Secur. Res. 6(2), 660–666 (2016)
Compte, A.L., Elizondo, D., Watson, T.: A renewed approach to serious games for cyber security. In: International Conference on Cyber Conflict: Architectures in Cyberspace, Tallinn, pp. 203–216. IEEE (2015)
Dewey, C.M., Shaffer, C.: Advances in information SEcurity EDucation. In: International Conference on Electro Information Technology, Grand Forks, pp. 133–138. IEEE (2016)
Hendrix, M., Al-Sherbaz, A., Bloom, V.: Game based cyber security training: are serious games suitable for cyber security training? Serious Games 3(1), 53–61 (2016)
Monk, T., Van Niekerk, J., Von Solms, R.: Concealing the medicine: information security education through game play. In: Information Security for South Africa, Pretoria, pp. 467–478. ISSA (2009)
Tioh, J.N., Mina, M., Jacobson, D.W.: Cyber security training a survey of serious games in cyber security. In: 2017 IEEE Frontiers in Education Conference (FIE), Indianapolis, pp. 1–5. IEEE (2017)
Pastor, V., Díaz, G., Castro, M.: State-of-the-art simulation systems for information security education, training and awareness. In: EDUCON, Madrid, pp. 1907–1916. IEEE (2010)
Roepke, R., Schroeder, U.: The problem with teaching defence against the dark arts: a review of game-based learning applications and serious games for cyber security education. In: International Conference on Computer Supported Education, Heraklion, vol. 2, pp. 58–66. SciTePress (2019)
Köhler, K., Röpke, R., Wolf, M.R.: Through a mirror darkly - on the obscurity of teaching goals in game-based learning in IT security. In: Simulation & Gaming Through Times and Across Disciplines, pp. 324–335. Akademia Leona Kozminskiego, Warsaw (2019)
Arnab, S., et al.: Mapping learning and game mechanics for serious games analysis. Educ. Technol. 46(2), 391–411 (2015)
König, J.A., Wolf, M.R.: A new definition of competence developing games. In: ACHI 2016, pp. 95–97. IARIA, Venice (2016)
Wolf, M.R., Wiese, U.: A comparative transformation model for process changes using serious games. In: International Conference on Serious Games and Applications for Health, Vilamoura. IEEE (2013)
McGrath, D.K., Gupta, M.: Behind phishing: an examination of phisher modi operandi. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2008, San Francisco (2008)
Elsayed, Y., Shosha, A.: Large scale detection of IDN domain name masquerading. In: 2018 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2018)
Resnick, P.: Rfc 5322: Internet message format (2008)
Hu, H., Wang, G.: End-to-end measurements of email spoofing attacks. In: USENIX Security Symposium (USENIX Security 18), pp. 1095–1112. USENIX Association (2018)
Huynh, D., Luong, P., Iida, H., Beuran, R.: Design and evaluation of a cybersecurity awareness training game. In: Munekata, N., Kunita, I., Hoshino, J. (eds.) ICEC 2017. LNCS, vol. 10507, pp. 183–188. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66715-7_19
Weanquoi, P., Johnson, J., Zhang, J.: Using a game to improve phishing awareness. Cybersecur. Educ. Res. Pract. 2018(2), 2 (2018)
Giannakas, F., Kambourakis, G., Gritzalis, S.: CyberAware: a mobile game-based app for cybersecurity education and awareness. In: International Conference on Interactive Mobile Communication Technologies and Learning (IMCL), Thessaloniki, pp. 54–58. IEEE (2015)
Lu, Y.: CyberCraft, a security serious game. Master’s thesis, Politecnico di Torino, Torino (2018)
König, J.A., Wolf, M.R.: GHOST: an evaluated competence developing game for cybersecurity awareness training. Adv. Secur. 11(3 & 4), 274–287 (2018)
Bergmann, C., Canova, G.: Design, implementation and evaluation of an anti-phishing education app. Master’s thesis, Technische Universität Darmstadt, Darmstadt (2014)
Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: CHI Conference on Human Factors in Computing Systems, CHI 2019. ACM, New York (2019)
Geywitz, J.: “What the Hack?” - Konzeption und Implementierung eines erweiterbaren und adaptiven Serious Game zur Verbesserung von Information Security Awareness. Master’s thesis, University of Applied Sciences, Düsseldorf (2019)
Aladawy, D., Beckers, K., Pape, S.: PERSUADED: fighting social engineering attacks with a serious game. In: Furnell, S., Mouratidis, H., Pernul, G. (eds.) TrustBus 2018. LNCS, vol. 11033, pp. 103–118. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98385-1_8
Arachchilage, N.A.G., Love, S., Maple, C.: Can a mobile game teach computer users to thwart phishing attacks? Infonomics 6(3/4), 720–730 (2015)
Baral, G., Arachchilage, N.A.G.: Building confidence not to be phished through a gamified approach: conceptualising user’s self-efficacy in phishing threat avoidance behaviour. In: Cybersecurity and Cyberforensics Conference (CCC), Melbourne, pp. 102–110. IEEE (2019)
Baslyman, M., Chiasson, S.: “Smells Phishy?”: an educational game about online phishing scams. In: 2016 APWG Symposium on Electronic Crime Research (eCrime), Toronto, Ontario, Canada, pp. 1–11. IEEE (2016)
Bauer, G., Martinek, D., Kriglstein, S., Wallner, G., Wölfle, R.: Digital game-based learning with “Internet Hero”: a game about the internet for children aged 9–12 years. In: Mitgutsch, K., Huber, S., Wagner, M., Wimmer, J., Rosenstingl, H. (eds.) Context Matters!, pp. 148–161. New Academic Press, Wien (2017)
Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: International Requirements Engineering Conference (RE), Beijing, pp. 16–25. IEEE (2016)
Beckers, K., Pape, S., Fries, V.: HATCH: hack and trick capricious humans - a serious game on social engineering. In: International BCS Human Computer Interaction Conference: Companion Volume, HCI 2016, pp. 1–3. BCS Learning & Development Ltd., Swindon (2016)
Bhardwaj, J.: Design of a game for cybersecurity awareness. Master’s thesis, North Dakota State University, Fargo (2019)
Chiasson, S., Modi, M., Biddle, R.: Auction Hero: the design of a game to learn and teach about computer security. In: Ho, C., Lin, M.F.G. (eds.) E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education 2011, pp. 2201–2206. AACE, Honolulu (2011)
Gokul, C.J., Pandit, S., Vaddepalli, S., Tupsamudre, H., Banahatti, V., Lodha, S.: PHISHY - a serious game to train enterprise users on phishing awareness. In: Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts, CHI PLAY 2018 Extended Abstracts, pp. 169–181. ACM, New York (2018)
Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26(1), 63–72 (2007)
Filipczuk, D., Mason, C., Snow, S.: Using a game to explore notions of responsibility for cyber security in organisations. In: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, CHI EA 2019. ACM, New York (2019)
Frey, S., Rashid, A., Anthonysamy, P., Pinto-Albuquerque, M., Naqvi, S.A.: The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game. IEEE Trans. Softw. Eng. 45(5), 521–536 (2019)
Gondree, M., Peterson, Z.N.J.: Valuing security by getting [d0x3d!]: experiences with a network security board game. In: Workshop on Cyber Security Experimentation and Test (CSET). USENIX Association, Washington, D.C. (2013)
Hebert, A.J., Reynolds, C.O., Stack, K.J., Lindsay, R.C.: Lock\(\_\)out: a cybersecurity MQP and game. Final Report, Worcester Polytechnic Institute, Worcester (2017)
Katsadouros, E., Kogias, D., Toumanidis, L., Chatzigeorgiou, C., Patrikakis, C.Z.: Teaching network security through a scavenger hunt game. In: IEEE Global Engineering Education Conference (EDUCON), Athens, pp. 1802–1805. IEEE (2017)
Kulkarni, V.K.: Basic cybersecurity awareness through gaming. Master’s thesis, North Dakota State University, Fargo (2019)
Lopes, I., Morenets, Y., Inácio, P.R.M., Silva, F.: Cyber-detective: a game for cyber crime prevention. In: Play2Learn, Lisbon, Portugal, pp. 175–191 (2018)
Mikka-Muntuumo, J., Peters, A., Jazri, H.: CyberBullet - Share Your Story: an interactive game for stimulating awareness on the harm and negative effects of the internet. In: African Conference for Human Computer Interaction: Thriving Communities, pp. 287–290. ACM, New York (2018)
Misra, G., Arachchilage, N.A.G., Berkovsky, S.: Phish phinder: a game design approach to enhance user confidence in mitigating phishing attacks. In: Furnell, S., Clarke, N.L. (eds.) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017), Adelaide, pp. 41–51 (2017)
Monk, T., van Niekerk, J., von Solms, R.: Sweetening the medicine: educating users about information security by means of game play. In: Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists, SAICSIT 2010, pp. 193–200. ACM, New York (2010)
Olano, M., et al.: SecurityEmpire: development and evaluation of a digital game to promote cybersecurity education. In: USENIX Summit on Gaming, Games, and Gamification in Security Education, San Diego (2014)
Olanrewaju, A.S.T., Zakaria, N.H.: Social engineering awareness game (SEAG): an empirical evaluation of using game towards improving information security awareness. In: International Conference on Computing and Informatics, Istanbul, pp. 187–193 (2015)
Rieb, A., Lechner, U.: Operation digital chameleon: towards an open cybersecurity method. In: International Symposium on Open Collaboration, OpenSym 2016, pp. 1–10. ACM, New York (2016)
Stockhardt, S., Reinheimer, B., Volkamer, M.: Über die Wirksamkeit von Anti-Phishing-Training. In: Mensch und Computer 2015 - Workshopband, pp. 647–656. Oldenbourg Wissenschaftsverlag, Stuttgart (2015)
Tseng, S., Chen, K., Lee, T., Weng, J.: Automatic content generation for anti-phishing education game. In: International Conference on Electrical and Control Engineering, Yichang, pp. 6390–6394. IEEE (2011)
Tseng, S.S., Yang, T.Y., Weng, J.F., Wang, Y.J.: Building a game-based internet security learning system by ontology crystallization approach. In: International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE), p. 6. CSREA Press, Las Vegas (2015)
Vuksani, E.: Device dash: designing, implementing, and evaluating an educational computer security game. Thesis, Wellesley College & MITLincoln Laboratory, Wellesley (2012)
Yang, C., Tseng, S., Lee, T., Weng, J., Chen, K.: Building an anti-phishing game to enhance network security literacy learning. In: International Conference on Advanced Learning Technologies, Rome, vol. 12, pp. 121–123. IEEE (2012)
Yasin, A., Liu, L., Li, T., Wang, J., Zowghi, D.: Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG). Inf. Softw. Technol. 95, 179–200 (2018)
Acknowledgements
This research was supported by the research training group “Human Centered Systems Security” sponsored by the state of North Rhine-Westphalia.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Roepke, R., Koehler, K., Drury, V., Schroeder, U., Wolf, M.R., Meyer, U. (2020). A Pond Full of Phishing Games - Analysis of Learning Games for Anti-Phishing Education. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science(), vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-62433-0_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62432-3
Online ISBN: 978-3-030-62433-0
eBook Packages: Computer ScienceComputer Science (R0)