From cyber-security deception to manipulation and gratification through gamification

Xavier Bellekens, Gayan ayasekara, Hanan Hindy, Miroslav Bures, David Brosset, Christos Tachtatzis, Robert Atkinson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Downloads (Pure)

Abstract

Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine.
Original languageEnglish
Title of host publicationHCI for cybersecurity, privacy and trust
Subtitle of host publicationHCII 2019
EditorsAbbas Moallem
PublisherSpringer International Publishing
Pages99-114
Number of pages16
ISBN (Print)9783030237349
DOIs
Publication statusPublished - 11 Jun 2019
EventHCI International 2019: 21st International Conference on Human-Computer Interaction - Walt Disney World Swan and Dolphin Resort, Orlando, United States
Duration: 26 Jul 201931 Jul 2019
http://2019.hci.international/

Publication series

NameLecture Notes in Computer series
PublisherSpringer
Volume11594

Conference

ConferenceHCI International 2019
Abbreviated titleHCI International
CountryUnited States
CityOrlando
Period26/07/1931/07/19
Internet address

Fingerprint

Engines
Application programs
Industry
Teaching
Internet
Communication
Internet of things

Cite this

Bellekens, X., ayasekara, G., Hindy, H., Bures, M., Brosset, D., Tachtatzis, C., & Atkinson, R. (2019). From cyber-security deception to manipulation and gratification through gamification. In A. Moallem (Ed.), HCI for cybersecurity, privacy and trust: HCII 2019 (pp. 99-114). (Lecture Notes in Computer series; Vol. 11594). Springer International Publishing. https://doi.org/10.1007/978-3-030-22351-9_7
Bellekens, Xavier ; ayasekara, Gayan ; Hindy, Hanan ; Bures, Miroslav ; Brosset, David ; Tachtatzis, Christos ; Atkinson, Robert. / From cyber-security deception to manipulation and gratification through gamification. HCI for cybersecurity, privacy and trust: HCII 2019. editor / Abbas Moallem. Springer International Publishing, 2019. pp. 99-114 (Lecture Notes in Computer series).
@inproceedings{f84b9c11db4143929f63964d4f5338ec,
title = "From cyber-security deception to manipulation and gratification through gamification",
abstract = "Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition {"}in control{"} and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical {"}know-how{"} of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine.",
author = "Xavier Bellekens and Gayan ayasekara and Hanan Hindy and Miroslav Bures and David Brosset and Christos Tachtatzis and Robert Atkinson",
year = "2019",
month = "6",
day = "11",
doi = "10.1007/978-3-030-22351-9_7",
language = "English",
isbn = "9783030237349",
series = "Lecture Notes in Computer series",
publisher = "Springer International Publishing",
pages = "99--114",
editor = "Abbas Moallem",
booktitle = "HCI for cybersecurity, privacy and trust",

}

Bellekens, X, ayasekara, G, Hindy, H, Bures, M, Brosset, D, Tachtatzis, C & Atkinson, R 2019, From cyber-security deception to manipulation and gratification through gamification. in A Moallem (ed.), HCI for cybersecurity, privacy and trust: HCII 2019. Lecture Notes in Computer series, vol. 11594, Springer International Publishing, pp. 99-114, HCI International 2019, Orlando, United States, 26/07/19. https://doi.org/10.1007/978-3-030-22351-9_7

From cyber-security deception to manipulation and gratification through gamification. / Bellekens, Xavier; ayasekara, Gayan; Hindy, Hanan; Bures, Miroslav; Brosset, David ; Tachtatzis, Christos; Atkinson, Robert.

HCI for cybersecurity, privacy and trust: HCII 2019. ed. / Abbas Moallem. Springer International Publishing, 2019. p. 99-114 (Lecture Notes in Computer series; Vol. 11594).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - From cyber-security deception to manipulation and gratification through gamification

AU - Bellekens, Xavier

AU - ayasekara, Gayan

AU - Hindy, Hanan

AU - Bures, Miroslav

AU - Brosset, David

AU - Tachtatzis, Christos

AU - Atkinson, Robert

PY - 2019/6/11

Y1 - 2019/6/11

N2 - Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine.

AB - Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine.

U2 - 10.1007/978-3-030-22351-9_7

DO - 10.1007/978-3-030-22351-9_7

M3 - Conference contribution

SN - 9783030237349

T3 - Lecture Notes in Computer series

SP - 99

EP - 114

BT - HCI for cybersecurity, privacy and trust

A2 - Moallem, Abbas

PB - Springer International Publishing

ER -

Bellekens X, ayasekara G, Hindy H, Bures M, Brosset D, Tachtatzis C et al. From cyber-security deception to manipulation and gratification through gamification. In Moallem A, editor, HCI for cybersecurity, privacy and trust: HCII 2019. Springer International Publishing. 2019. p. 99-114. (Lecture Notes in Computer series). https://doi.org/10.1007/978-3-030-22351-9_7