research-article

Open access

Cyber Range and Cyber Defense Exercises: Gamification Meets University Students

Authors:

Marina Ribaudo,

Alessandro Orlich,

Alessandro ArmandoAuthors Info & Claims

Gamify 2023: Proceedings of the 2nd International Workshop on Gamification in Software Development, Verification, and Validation

Pages 29 - 37

https://doi.org/10.1145/3617553.3617888

Published: 04 December 2023 Publication History

Abstract

In the last decade, gamification has emerged as a valid alternative to more traditional learning processes both in academia and for professional training. Gamification has been successfully implemented in various disciplines to enhance the enjoyment and engagement of learning. This result can be achieved by providing challenges and quests, incentivizing task completion, and using role-playing games where learners assume different roles and perform tasks within a story format. In the case of cybersecurity, gamification can be introduced thanks to Capture The Flag (CTF) competitions or within virtual environments known as Cyber Ranges, where participants can test their skills on simulated networks, ICT systems, and other critical infrastructures. In this paper, we describe our experience with a cyber defender training activity proposed to computer science and computer engineering students. We organized lectures on cybersecurity, oriented towards developing problem-solving and practical skills. Then, we introduced gamification by running two on-site competitions: a Jeopardy CTF and a Cyber Defense Exercise.

References

[1]

2023. Boltcms. https://boltcms.io/

[2]

M. Beltrán, M. Calvo, and S. González. 2018. Experiences Using Capture The Flag Competitions to Introduce Gamification in Undergraduate Computer Security Labs. In 2018 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, 574–579.

[3]

Agnė Brilingaitė, Linas Bukauskas, and Aušrius Juozapavičius. 2020. A framework for competence development and assessment in hybrid cybersecurity exercises. Computers & Security, 88 (2020), Jan., 101607. https://doi.org/10.1016/j.cose.2019.101607

Digital Library

[4]

Nestoras Chouliaras, George Kittes, Ioanna Kantzavelou, Leandros Maglaras, Grammati Pantziou, and Mohamed Amine Ferrag. 2021. Cyber Ranges and TestBeds for Education, Training, and Research. Applied Sciences, 11, 4 (2021), Feb., 1809. https://doi.org/10.3390/app11041809

[5]

Gabriele Costa, Martina Lualdi, Marina Ribaudo, and Andrea Valenza. 2020. A NERD DOGMA: Introducing CTF to Non-Expert Audience. In Proceedings of the 21st Annual Conference on Information Technology Education (SIGITE ’20). Association for Computing Machinery, New York, NY, USA. 413–418. isbn:9781450370455 https://doi.org/10.1145/3368308.3415405

Digital Library

[6]

CTFd LLC. 2023. CTFd: The Easiest Capture The Flag Framework. https://ctfd.io/

[7]

Deciso B.V. 2021. OPNsense firewall. https://opnsense.org/

[8]

Luca Demetrio, Giovanni Lagorio, Marina Ribaudo, Enrico Russo, and Andrea Valenza. 2019. ZenHackAdemy: Ethical Hacking @ DIBRIS. In Proceedings of the 11th International Conference on Computer Supported Education, CSEDU 2019, Heraklion, Crete, Greece, May 2-4, 2019, Volume 1. SciTePress, 405–413.

[9]

Magdalena Glas, Manfred Vielberth, and Guenther Pernul. 2023. Train as You Fight: Evaluating Authentic Cybersecurity Training in Cyber Ranges. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI ’23). Association for Computing Machinery, New York, NY, USA. Article 622, 19 pages. isbn:9781450394215 https://doi.org/10.1145/3544548.3581046

Digital Library

[10]

Tommy Gustafsson and Jonas Almroth. 2021. Cyber Range Automation Overview with a Case Study of CRATE. In Secure IT Systems. Springer International Publishing, 192–209. https://doi.org/10.1007/978-3-030-70852-8_12

Digital Library

[11]

Marcus Knüpfer, Tore Bierwirth, Lars Stiemert, Matthias Schopp, Sebastian Seeber, Daniela Pöhn, and Peter Hillmann. 2020. Cyber Taxi: A Taxonomy of Interactive Cyber Training and Education Systems. In Model-driven Simulation and Training Environments for Cybersecurity. Springer International Publishing, 3–21. https://doi.org/10.1007/978-3-030-62433-0_1

Digital Library

[12]

Maria Leitner, Maximilian Frank, Gregor Langner, Max Landauer, Florian Skopik, Paul Smith, Benjamin Akhras, Wolfgang Hotwagner, Stela Kucek, Timea Pahi, Lenhard Reuter, and Manuel Warum. 2021. Enabling exercises, education and research with a comprehensive cyber range. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 4 (2021), December, issn:2093-5374

[13]

Kees Leune and Salvatore J. Petrilli. 2017. Using Capture-the-Flag to Enhance the Effectiveness of Cybersecurity Education. In Proceedings of the 18th Annual Conference on Information Technology Education. ACM. https://doi.org/10.1145/3125659.3125686

Digital Library

[14]

Giacomo Longo, Alessandro Orlich, Stefano Musante, Alessio Merlo, and Enrico Russo. 2023. MaCySTe: A virtual testbed for maritime cybersecurity. SoftwareX, 23 (2023), July, 101426. https://doi.org/10.1016/j.softx.2023.101426

[15]

Jelena Mirkovic and Peter A. H. Peterson. 2014. Class Capture-the-Flag Exercises. In 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14). USENIX Association, San Diego, CA. https://www.usenix.org/conference/3gse14/summit-program/presentation/mirkovic

[16]

Moodle Pty Ltd. 2023. Moodle - Open-source learning platform. https://moodle.com/

[17]

Djedjiga Mouheb, Sohail Abbas, and Madjid Merabti. 2019. Cybersecurity Curriculum Design: A Survey. In Transactions on Edutainment XV. Springer Berlin Heidelberg, 93–107. https://doi.org/10.1007/978-3-662-59351-6_9

[18]

Enrico Russo, Gabriele Costa, and Alessandro Armando. 2020. Building next generation Cyber Ranges with CRACK. Computers & Security, 95 (2020), Aug., 101837. https://doi.org/10.1016/j.cose.2020.101837

[19]

Sam Scholefield and Lynsay A Shepherd. 2019. Gamification techniques for raising cyber security awareness. In HCI for Cybersecurity, Privacy and Trust: First International Conference, HCI-CPT 2019, Held as Part of the 21st HCI International Conference, HCII 2019, Orlando, FL, USA, July 26–31, 2019, Proceedings 21. 191–203.

[20]

Max Smeets. 2022. The Role of Military Cyber Exercises: A Case Study of Locked Shields. In 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700, 9–25. https://doi.org/10.23919/CyCon55549.2022.9811018

[21]

The MITRE Corporation. 2019. CVE-2019-15107. https://www.cve.org/CVERecord?id=CVE-2019-15107

[22]

The MITRE Corporation. 2022. CVE-2022-36532. https://www.cve.org/CVERecord?id=CVE-2022-36532 Accessed on 02/05/2023

[23]

The MITRE Corporation. 2023. Common Attack Pattern Enumeration and Classification. https://capec.mitre.org/index.html Accessed on 02/05/2023

[24]

The MITRE Corporation. 2023. CVE-2023-22809. https://www.cve.org/CVERecord?id=CVE-2023-22809 Accessed on 02/05/2023

[25]

Manfred Vielberth, Magdalena Glas, Marietheres Dietz, Stylianos Karagiannis, Emmanouil Magkos, and Günther Pernul. 2021. A Digital Twin-Based Cyber Range for SOC Analysts. In Data and Applications Security and Privacy XXXV. Springer International Publishing, 293–311. https://doi.org/10.1007/978-3-030-81242-3_17

Digital Library

[26]

G. Vigna. 2011. The 2010 International Capture the Flag Competition. IEEE Security Privacy, 9, 1 (2011), 12–14.

Digital Library

[27]

Jan Vykopal and Miloš Barták. 2016. On the Design of Security Games: From Frustrating to Engaging Learning. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/ase16/workshop-program/presentation/vykopal

[28]

Jan Vykopal, Radek Oslejsek, Pavel Celeda, Martin Vizvary, and Daniel Tovarnak. 2017. KYPO Cyber Range: Design and Use Cases. In Proceedings of the 12th International Conference on Software Technologies. SCITEPRESS - Science and Technology Publications. https://doi.org/10.5220/0006428203100321

[29]

Jan Vykopal, Valdemar Švábenský, and Ee-Chien Chang. 2020. Benefits and Pitfalls of Using Capture the Flag Games in University Courses. In Proceedings of the 51st ACM Technical Symposium on Computer Science Education. ACM. https://doi.org/10.1145/3328778.3366893

Digital Library

[30]

Jan Vykopal, Martin Vizvary, Radek Oslejsek, Pavel Celeda, and Daniel Tovarnak. 2017. Lessons learned from complex hands-on defence exercises in a cyber range. In 2017 IEEE Frontiers in Education Conference (FIE). IEEE. https://doi.org/10.1109/fie.2017.8190713

Digital Library

[31]

Brad Wolfenden. 2019. Gamification as a winning cyber security strategy. Computer Fraud & Security, 2019, 5 (2019), 9–12.

[32]

Muhammad Mudassar Yamin and Basel Katt. 2022. Modeling and executing cyber security exercise scenarios in cyber ranges. Computers & Security, 116 (2022), May, 102635. https://doi.org/10.1016/j.cose.2022.102635

Digital Library

Cited By

Coppola RArdito LLeotta M(2024)Gamify: Gamification in Software Development, Verification,and ValidationACM SIGSOFT Software Engineering Notes10.1145/3650142.365015149:2(27-30)Online publication date: 3-Apr-2024
https://dl.acm.org/doi/10.1145/3650142.3650151
Mouhssine YBoutracheh HMoumen A(2024)Teaching Cybersecurity to Engineering Students: A New Perspective Through Literature Review2024 4th International Conference on Innovative Research in Applied Science, Engineering and Technology (IRASET)10.1109/IRASET60544.2024.10548731(1-9)Online publication date: 16-May-2024
https://doi.org/10.1109/IRASET60544.2024.10548731

Index Terms

Cyber Range and Cyber Defense Exercises: Gamification Meets University Students
1. Applied computing
  1. Education
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research
EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference

With the evolution of threats and attacks and the speed of automation, new modern training and learning environments are needed to support the challenges of digital organizations and societies. In recent years, cyber ranges, i.e., virtual environments ...
Serious games as a tool to model attack and defense scenarios for cyber-security exercises
Abstract
Technology is evolving rapidly; this poses a problem for security specialists and average citizens as their technological skill sets are quickly made obsolete. This makes the knowledge and understanding of cyber-security in a ...
Use of cyber attack and defense agents in cyber ranges: A case study
Abstract
With the ever-changing cybersecurity landscape, the need for a continuous training for new cybersecurity skill sets is a requirement. Such continuous training programs can be delivered on platforms like cyber ranges. Cyber ranges ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Gamify 2023: Proceedings of the 2nd International Workshop on Gamification in Software Development, Verification, and Validation

December 2023

51 pages

ISBN:9798400703737

DOI:10.1145/3617553

General Chairs:
Riccardo Coppola
Politecnico di Torino, Italy
,
Luca Ardito
Politecnico di Torino, Italy
,
Gordon Fraser
University of Passau, Germany
,
Maurizio Leotta
University of Genova, Italy

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 December 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

Gamify '23

Sponsor:

SIGSOFT

Gamify '23: 2nd International Workshop on Gamification in Software Development, Verification, and Validation

December 4, 2023

CA, San Francisco, USA

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
556
Total Downloads

Downloads (Last 12 months)556
Downloads (Last 6 weeks)75

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Coppola RArdito LLeotta M(2024)Gamify: Gamification in Software Development, Verification,and ValidationACM SIGSOFT Software Engineering Notes10.1145/3650142.365015149:2(27-30)Online publication date: 3-Apr-2024
https://dl.acm.org/doi/10.1145/3650142.3650151
Mouhssine YBoutracheh HMoumen A(2024)Teaching Cybersecurity to Engineering Students: A New Perspective Through Literature Review2024 4th International Conference on Innovative Research in Applied Science, Engineering and Technology (IRASET)10.1109/IRASET60544.2024.10548731(1-9)Online publication date: 16-May-2024
https://doi.org/10.1109/IRASET60544.2024.10548731

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents