Abstract
This article proposes a mathematical model that helps to track a player’s game actions and present them in a structured form. The gaming process is presented as a set of states that are connected by a player’s actions. Each state is a set of predicates that characterize the player’s knowledge about the game. This mathematical model was developed as a step in achieving the general goal of the research branch, which is to increase the safety of an information system from social engineering attacks by developing a serious game. This serious game is aimed at improving players’ skills in recognition and counteraction to social engineering attacks as well as at raising awareness among employees.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We use two predicates to describe the player’s knowledge of the NPC’s password because during the game it is possible to learn only some characters in the password by using shoulder surfing mechanic.
- 2.
If the player learns the same information from 2 different actions, the system stores the one that the player performed first.
- 3.
The action extracted from the queue is guaranteed to provide the player some new information. If feff(a) ∈ s, where s is a current state of the game environment, the action a is considered redundant and is not recorded.
References
Abramov, M.V., Tulupyeva, T.V., Tulupyev, A.L.: Social Engineering Attacks: social networks and user security estimates. SUAI, St. Petersburg (2018). 266 p. (in Russian)
Alqahtani, H., Kavakli-Thorne, M.: Design and evaluation of an augmented realitygame for cybersecurity awareness (CybAR). Information 11(2), 121 (2020). https://doi.org/10.3390/info11020121
Azarov, A.A., Tulupyeva, T.V., Suvorova, A.V., Tulupyev, A.L., Abramov, M.V., Usupov R.M.: Social Engineering Attacks: the Problem of Analysis. Nauka Publ., St Petersburg (2016). 349 p. (in Russian)
Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: 2016 IEEE 24th International Requirements Engineering Conference (RE), Beijing. 16–25 (2016). https://doi.org/10.1109/RE.2016.39
Peltier, T.R.: Social engineering: concepts and solutions. Inf. Syst. Secur. 15, 13–21 (2006). https://doi.org/10.1201/1086.1065898X/46353.15., 4.20060901/95427.3
Bissell, K., LaSalle, R., Dal Cin, P.: The Cost Of Cybercrime. NinthAnnual Cost of Cybercrime Study (2019). https://www.accenture.com/acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf. Accessed 12 June 2020
Giannakas, F., Papasalouros, A., Kambourakis, G., Gritzalis, S.: A comprehensive cybersecurity learning platform for elementary education. Inf. Secur. J. A Global Perspect. 28(3), 81–106 (2019). https://doi.org/10.1080/19393555.2019.1657527
Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cybersecurity awareness and education. Compute. Secur. 95, (101827) (2020). https://doi.org/10.1016/j.cose.2020.101827
Russian companies lost 1.26 billion rubles on social engineering, Kommersant, https://www.kommersant.ru/doc/4215008. Accessed 23 May 2020
Makhutov, N.A. (ed.): The security of Russia. Legal, social economic and scientifictechnical aspects. IHPF “Knowledge”, Moskow (2018). 1016 p. (in Russian)
Newbould, M., Furnell, S.: Playing Safe: a prototype game for raising awarenessof social engineering. In: Australian Information Security Management Conference, pp. 24–30 (2009). https://doi.org/10.4225/75/57b4004e30de7
Types of Social Engineering Attacks in 2020, SolarWinds MSP. https://www.solarwindsmsp.com/blog/types-of-social-engineering-attacks-in-2020. Accessed 22 May 2020
Thomas, M.K., Shyjka, A., Kumm, S., Gjomemo, R.: Educational design research for the development of a collectible card game for cybersecurity learning. J. Format. Des. Learn. 3(1), 27–38 (2019). https://doi.org/10.1007/s41686-019-00027-0
Abass, Islam: Social engineering threat and defense: a literature survey. J. Inf. Secur. 09, 257–264 (2018). https://doi.org/10.4236/jis.2018.94018
Yasin, A., Liu, L., Li, T., Wang, J., Zowghi, D.: Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG). Inf. Software Technol. 95, 179–200 (2018)
Acknowledgments
The research was carried out in the framework of the project on state assignment SPIIRAN No 0073–2019–0003, with the financial support of the RFBR (project No 20–07–00839 Digital twins and soft computing in social engineering attacks modeling and associated risks assessment; project No 18–01–00626 Methods of representation, synthesis of truth estimates and machine learning in algebraic Bayesian networks and related knowledge models with uncertainty: the logic probability approach and graph systems).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Krylov, B., Abramov, M., Khlobystova, A. (2021). Automated Player Activity Analysis for a Serious Game About Social Engineering. In: Dolinina, O., et al. Recent Research in Control Engineering and Decision Making. ICIT 2020. Studies in Systems, Decision and Control, vol 337. Springer, Cham. https://doi.org/10.1007/978-3-030-65283-8_48
Download citation
DOI: https://doi.org/10.1007/978-3-030-65283-8_48
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65282-1
Online ISBN: 978-3-030-65283-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)