The Security Awareness Adventure: A serious game for security awareness training utilizing a state transition system and a probabilistic model
Authors: Tong Li, Fangqi Dong, Chaoqun Wen
Journal: Computers & Security, volume 156, Article 104500 (JCR Q1, Computer Science, Information Systems; impact factor 4.8)
Publication date: 2025-04-27
DOI: 10.1016/j.cose.2025.104500
URL: https://www.sciencedirect.com/science/article/pii/S0167404825001889
Social engineering attacks target people who lack awareness of security. These attacks have become increasingly threatening to modern software systems, which rely heavily on human interactions. Recent studies propose to conduct serious game-based security training against such threats. However, it is challenging to simulate real-world scenarios in serious games, making the training less effective. In this paper, we introduce Security Awareness Adventure, a novel social engineering serious game that allows participants to play the role of attackers and realistically experience the social engineering attack process from the attacker’s perspective. Our game works with state transition models to realistically simulate stakeholder interactions within specific scenarios and to capture stakeholders’ alternative behaviors using a branching system. To evaluate our game’s effectiveness, we conducted an experiment with 41 participants and a real social engineering security scenario. The experimental results show that our game can effectively improve the learner’s security awareness.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.