恶意软件意识对有抱负的网络专业人员的重要性：游戏化静态分析工具的适用性

IF 2.1 2区工程技术 Q2 EDUCATION, SCIENTIFIC DISCIPLINES

IEEE Transactions on Education Pub Date : 2024-10-15 DOI:10.1109/TE.2024.3471336

Alex Cameron;Abu Alam;Madhu Khurana;Jordan Allison;Nasreen Anjum

{"title":"恶意软件意识对有抱负的网络专业人员的重要性：游戏化静态分析工具的适用性","authors":"Alex Cameron;Abu Alam;Madhu Khurana;Jordan Allison;Nasreen Anjum","doi":"10.1109/TE.2024.3471336","DOIUrl":null,"url":null,"abstract":"Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.","PeriodicalId":55011,"journal":{"name":"IEEE Transactions on Education","volume":"68 1","pages":"132-139"},"PeriodicalIF":2.1000,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools\",\"authors\":\"Alex Cameron;Abu Alam;Madhu Khurana;Jordan Allison;Nasreen Anjum\",\"doi\":\"10.1109/TE.2024.3471336\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.\",\"PeriodicalId\":55011,\"journal\":{\"name\":\"IEEE Transactions on Education\",\"volume\":\"68 1\",\"pages\":\"132-139\"},\"PeriodicalIF\":2.1000,\"publicationDate\":\"2024-10-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Education\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10717445/\",\"RegionNum\":2,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"EDUCATION, SCIENTIFIC DISCIPLINES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Education","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10717445/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"EDUCATION, SCIENTIFIC DISCIPLINES","Score":null,"Total":0}

引用次数: 0

摘要

现代组织在确保员工认识到恶意软件和网络攻击方面面临着持续的挑战，因为它有可能对他们造成财务、法律和声誉上的损害。当前的意识培训以多种形式存在，使员工和组织能够保护自己免受恶意软件和网络攻击。本文提出了一种更现实和互动的恶意软件培训方法，通过模拟勒索软件感染作为游戏呈现给网络安全领域的员工和学生。提议的机制由网络行业的个人和学生进行了测试，并在英格兰西南部的活动中向潜在员工和行业专家演示，他们发现培训对如何避免和识别恶意软件有益且有见地。总体而言，该工具开发的结果表明，识别恶意文件的能力提高了12%-55%，受访者普遍认为该工具有助于提高学习能力。非结构化面试的外部结果似乎表明，个人在培训后表现出更高的意识。对学习网络和计算机科学的本科生进行的外部调查表明，100%的学生认为这种培训对某种形式的培训有用，86%的学生认为这种培训既适合无监督的培训，也适合有监督的恶意软件培训。语言分析显示，在多年级学生的自由文本问题中，词汇量非常积极，在二年级和三年级的网络安全组中，词汇量最积极。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools

Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Education 工程技术-工程：电子与电气

CiteScore

5.80

自引率

7.70%

发文量

审稿时长

1 months

期刊介绍： The IEEE Transactions on Education (ToE) publishes significant and original scholarly contributions to education in electrical and electronics engineering, computer engineering, computer science, and other fields within the scope of interest of IEEE. Contributions must address discovery, integration, and/or application of knowledge in education in these fields. Articles must support contributions and assertions with compelling evidence and provide explicit, transparent descriptions of the processes through which the evidence is collected, analyzed, and interpreted. While characteristics of compelling evidence cannot be described to address every conceivable situation, generally assessment of the work being reported must go beyond student self-report and attitudinal data.