Ontology-Based Modelling for Cyber Security E-Learning and Training
The Conceptual Framework for e-Learning and Training (COFELET) constitutes a design standard for the enhancement of cyber security education by guiding the development of effective game-based approaches (e.g., serious games). The COFELET framework envisages cyber security serious games as highly organized and parameterized learning environments which monitor learner’s actions, evaluate their efforts and adapt to their needs. To this end, the COFELET framework employs well known cyber security standards (e.g., MITRE’s CAPEC, Lockheed Martin’s Cyber Kill Chain model or CKC) as a vehicle for organizing educational environments which model learners’ actions and strategies. In this light, the COFELET ontology is proposed aiming at providing a foundation for the development of a universal knowledge base for modeling such environments. The COFELET ontology provides an analytical description of the key elements of COFELET’s compliant serious games along with the appropriate classes and their properties. These elements include the cyber security domain elements that model the actions attackers perform to unleash cyber security attacks (i.e., the tasks) and the strategies they employ to achieve their malicious objectives (e.g., CAPEC’s attack patterns, the CKC model). The cyber security domain elements are associated with the educational elements (e.g., hints, utilized knowledge, exercised skills) that provide the means to infuse the didactics in the COFELET compliant approaches. A set of instances is presented to provide a better appreciation of the COFELET ontology rational, usage and usefulness. The proposed ontology is a cause and effect of the design and development process of a prototype COFELET compliant game.
KeywordsCyber security Serious games Ontology eLearning and training COFELET framework
This research is funded by the University of Macedonia Greece Research Committee as part of the “Principle Research 2019” funding program.
- 1.Katsantonis, M.N., Kotini, I., Fouliras, P., Mavridis, I.: Conceptual framework for developing cyber security serious games. In: 2019 IEEE Global Engineering Education Conference (EDUCON) Proceedings, pp. 872–881. IEEE, Dubai (2019)Google Scholar
- 2.Common Attack Pattern Enumeration and Classification (CAPEC). https://capec.mitre.org. Accessed 30 May 2019
- 3.Martin, L.: Cyber Kill Chain. http://cyber.lockheedmartin.com/hubfs/Gaining_the_Advantage_Cyber_Kill_Chain.pdf. Accessed 30 May 2019
- 4.Newhouse, W., Keith, S., Scribner, B., Witte, G.: National Initiative for Cybersecurity Education (NICE) - Cybersecurity Workforce Framework. National Institute of Standards and Technology (NIST) Special Publication, 800, 181, April 2017Google Scholar
- 5.Noy, N.,F., McGuinness, D.L.: Ontology development 101: a guide to creating your first ontology (2001)Google Scholar
- 7.Fallon, C., Brown, S.: E-Learning Standards A Guide to Purchasing, Developing, and Deploying Standards-Conformant E-Learning. CRC Press LLC (2016)Google Scholar
- 8.Poltrack, J.: ADL Training & Learning Architecture (TLA). http://www.adlnet.gov/wp-content/uploads/2014/07/ADL-Training-and-LearningArchitecture-1.pdf. Accessed 30 May 2019
- 10.Protégé Stanford. http://protege.stanford.edu. Accessed 30 June 2019
- 11.Obrst, L., Chase, P., Markeloff, R.: Developing an ontology of the cyber security domain. In: STIDS, pp. 49–56 (2012)Google Scholar
- 12.Zhu, Y.: Attack pattern ontology: a common language for attack information sharing between organizations (2015)Google Scholar