The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools

IF 2.1 2区工程技术 Q2 EDUCATION, SCIENTIFIC DISCIPLINES

IEEE Transactions on Education Pub Date : 2024-10-15 DOI:10.1109/TE.2024.3471336

Alex Cameron;Abu Alam;Madhu Khurana;Jordan Allison;Nasreen Anjum

{"title":"The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools","authors":"Alex Cameron;Abu Alam;Madhu Khurana;Jordan Allison;Nasreen Anjum","doi":"10.1109/TE.2024.3471336","DOIUrl":null,"url":null,"abstract":"Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.","PeriodicalId":55011,"journal":{"name":"IEEE Transactions on Education","volume":"68 1","pages":"132-139"},"PeriodicalIF":2.1000,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Education","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10717445/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"EDUCATION, SCIENTIFIC DISCIPLINES","Score":null,"Total":0}

引用次数: 0

Abstract

Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Education 工程技术-工程：电子与电气

CiteScore

5.80

自引率

7.70%

发文量

审稿时长

1 months

期刊介绍： The IEEE Transactions on Education (ToE) publishes significant and original scholarly contributions to education in electrical and electronics engineering, computer engineering, computer science, and other fields within the scope of interest of IEEE. Contributions must address discovery, integration, and/or application of knowledge in education in these fields. Articles must support contributions and assertions with compelling evidence and provide explicit, transparent descriptions of the processes through which the evidence is collected, analyzed, and interpreted. While characteristics of compelling evidence cannot be described to address every conceivable situation, generally assessment of the work being reported must go beyond student self-report and attitudinal data.