A Pilot Study in Cyber Security Education Using CyberAIMs: A Simulation-Based Experiment

  • Erjon ZotoEmail author
  • Stewart KowalskiEmail author
  • Christopher FrantzEmail author
  • Edgar Lopez-RojasEmail author
  • Basel KattEmail author
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 531)


We hardly pass any day without hearing of a new cyber attack. The recent ever-increasing occurrence of such attacks has given to researchers, practitioners and others an opportunity to raise awareness and train staff from the public and private institutions, as well as other people within the society, about the evolving nature of cyberspace threats. As a first step in this process, we aim to present main findings from a pilot study conducted with a target group of Master students with diverse backgrounds and knowledge about cyber security practices. The study was done using an agent-based simulation tool, CyberAIMs, as the core component of the experiment. Students were involved in a pre-test/post-test study in order to assess the probable change in their thinking process after using CyberAIMs. A scenario created from a real cyber case was additionally used to get the participants accustomed to the tool. The experiment is still in progress, while preliminary data indicate that there is a shift in students’ perspective on the most relevant attributes affecting defense agents’ performance, results that could be related to both adversarial and systems thinking processes.


Agent-based simulation Teaching Cyber security Adversarial thinking Systems thinking Training 


  1. 1.
    Ablon, L., Libicki, M.C., Golay, A.A.: Markets for cybercrime tools and stolen data: hackers’ bazaar. Rand Corporation (2014)Google Scholar
  2. 2.
    ACM: Computer Science Curricula 2013 Curriculum Guidelines for Undergraduate Degree Programs in Computer Science. New York, NY, USA (2013)Google Scholar
  3. 3.
    Anne Bardoel, E., Haslett, T.: Success to the successful: the use of systems thinking tools in teaching OB. Organ. Manag. J. 1(2), 112–124 (2004)CrossRefGoogle Scholar
  4. 4.
    Bologna, J.: Momm’s (motivations, opportunities, methods, means)-a taxonomy for computer related employee theft. Assets Prot. 6(3), 33–36 (1981)Google Scholar
  5. 5.
    Brahima, S.: Global cybersecurity index 2017. International Telecommunication Union (ITU), pp. 1–77 (2017)Google Scholar
  6. 6.
    Goodwin, J.S., Franklin, S.G.: The beer distribution game: using simulation to teach systems thinking. J. Manag. Dev. 13(8), 7–15 (1994)CrossRefGoogle Scholar
  7. 7.
    Hamman, S.T., Hopkinson, K.M., Markham, R.L., Chaplik, A.M., Metzler, G.E.: Teaching game theory to improve adversarial thinking in cybersecurity students. IEEE Trans. Educ. 60(3), 205–211 (2017)CrossRefGoogle Scholar
  8. 8.
    Joint Task Force on Cybersecurity Education: Cybersecurity curricula 2017 - curriculum guidelines for post-secondary degree programs in cybersecurity - csec2017 v. 0.95 draft. Technical report, November 2017Google Scholar
  9. 9.
    Pastor, V., Díaz, G., Castro, M.: State-of-the-art simulation systems for information security education, training and awareness. In: 2010 IEEE Education Engineering (EDUCON), pp. 1907–1916. IEEE (2010)Google Scholar
  10. 10.
    Ponemon Institute: Flipping the economics of attacks. Technical report, January 2016Google Scholar
  11. 11.
    Rogers, R.W.: A protection motivation theory of fear appeals and attitude change1. J. Psychol. 91(1), 93–114 (1975)CrossRefGoogle Scholar
  12. 12.
    Schneider, F.B.: Cybersecurity education in universities. IEEE Secur. Priv. 11(4), 3–4 (2013)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. 1.Norwegian University of Science and Technology (NTNU)GjøvikNorway

Personalised recommendations