Date of Award

10-1-2021

Publication Type

Thesis

Degree Name

M.Sc.

Department

Computer Science

First Advisor

L. Rueda

Second Advisor

S.Saad

Third Advisor

J. Lu

Keywords

Awareness, Gamification, Platform, Social engineering, Training

Rights

info:eu-repo/semantics/openAccess

Abstract

Almost every type of cybersecurity incident leverages one or more social engineering attacks. Nowadays social engineering attack is considered one of the most significant threats to individuals and organizations. It is an attacking technique that manipulates and deceives users to access or gain privileged information. Cybersecurity training is an effective defense method to enhance people's awareness of social engineering attacks, especially training through game playing or educational games. However, fewer tools can customize social engineering simulations based on user's characteristics and needs. Some social engineering training tools are lack motivation, engagement, and interaction.

Gamification is the use of game elements and game design techniques in non-game contexts. Using gamification can combine the game elements and social engineering training. In this thesis, we investigated the use of gamification to improve users' awareness and engagement in anti-social engineering training. We proposed a gamified social engineering platform called GamiSE by applying modern gamification principles to gamify the anti-social engineering training process. Users can use the platform to share experiences related to social engineering and report social engineering attacks. The platform can send phishing email attacks to the users. Users can get points, badges, achievements, and other gamification elements based on their performances. We conducted a study to measure the impact of adding gamification in anti-social engineering training. In our study, 74 subjects participated in the 20-day evaluation.

The study results indicated that adding gamification elements can motivate users to participate in social engineering training and positively affect participants' performances on the SE training platform. The users' awareness and ability to detect social engineering attacks such as phishing attacks improve by participating in gamified anti-social engineering training.

Share

COinS