Understanding User Behavior for Enhancing Cybersecurity Training with Immersive Gamified Platforms
Abstract
:1. Introduction
2. Review of User Behavior Studies in Cybersecurity
2.1. Theoretical Models
2.2. Game Theory-Based Studies
2.3. Simulator-Based Studies
3. Motivation and Problem Definition
4. Proposed Framework
4.1. Player Behavior Module
4.1.1. AI-Driven NPC Player Modeling
- Attackers: The module models cyber attackers using different tactics, techniques, and procedures that they might employ to breach a system’s defenses. This includes activities such as phishing, exploiting vulnerabilities, or launching denial-of-service attacks. By understanding the motivational factors driving attackers, such as financial gain, political motives, or the challenge itself, the PBM can predict potential new attack vectors and evolving strategies.
- Defenders: These are the users responsible for securing systems against threats, employing strategies like monitoring network activity, patching vulnerabilities, and responding to alerts. The PBM models defender behavior to identify optimal resource allocation strategies, understand the impact of different defense tactics, and predict defender responses to various types of attacks. This predictive capability is crucial for developing proactive defense strategies and improving incident response times.
- General users: These include non-expert users who interact with systems and unknowingly introduce vulnerabilities, such as through phishing or weak password management. By modeling their behaviors under various simulated attack scenarios, we can better understand how user training and awareness impact overall security.
4.1.2. Human Behavioral Data Collection and Analysis
4.2. Gamification Module
4.2.1. XR-Based Immersive Storytelling
4.2.2. AI-Driven Adaptive Experimentation
4.3. Simulator Module (SM)
4.3.1. XR-Based Immersive Simulations
- Immersive Cyber-Attack Scenarios: VR environments place users in realistic 3D spaces, such as corporate offices, where they engage with virtual systems under simulated attacks like phishing or ransomware. These immersive scenarios drive real-time decision-making and deepen understanding of cyber threats by situating users within high-stakes, time-sensitive contexts.
- MR in Critical Systems: MR enables scenarios that overlay digital threats onto physical infrastructures like power grids or healthcare systems. With AR glasses, users visualize cyber attacks affecting physical components, offering an authentic view that mirrors real operational environments, which enhances situational awareness and response accuracy.
- Dynamic Scenario Adaptation: The SM’s AI-driven adaptability tailors each scenario to the user’s expertise, ensuring relevance for both novices and experts. Branching narratives in the GM enable multiple outcomes based on user actions, creating a dynamic training environment that captures genuine behavioral responses to cyber threats [73].
4.3.2. AI-Driven Real-Time Feedback and Adaptation
- Predictive Analytics for User Behavior: AI can analyze user behavior in real time, predicting how users will react to specific attack vectors based on past interactions and common behavioral patterns. By processing data such as decision-making speed, task completion accuracy, and responses to simulated attacks, AI models can offer predictive insights. For instance, if a user is slow to react to a phishing email in the simulation, AI might predict similar hesitation in future, more critical scenarios, allowing for targeted training interventions.
- Adaptive Training Feedback: The SM uses AI to deliver real-time feedback that adapts to the user’s actions. If a user successfully mitigates a simulated attack, AI algorithms adjust the complexity of subsequent scenarios, progressively increasing the difficulty level. Conversely, if a user struggles, the system provides tailored feedback and simpler scenarios to improve skills. This adaptive approach ensures that training remains challenging yet accessible, optimizing learning outcomes.
4.3.3. XR-Driven Digital Twin
5. Results
5.1. Case Study Implementation of the Framework
5.1.1. System Design Based on the Proposed Framework
5.1.2. Features Implementing PBM
- AI-Driven Attacker Simulation: AI-driven attackers are able to adapt their tactics based on user actions by utilizing ChatGPT’s 4o LLM model within the LangChain framework in a Python Script. In our platform, we focus on generating the following evolving threats: Input Data manipulation and Output Data manipulation, which are both variations of man-in-the-middle attacks and denial-of-service attacks. We achieve these tasks by using ARPSPOOF, a Python library tool that allows us to perform an Address Resolution Protocol Spoofing attack. This attack allows packets intended for a user to be rerouted into our computer. From there, we can use the Linux operating system’s IP forwarding table/rules to either drop packets or perform some type of packet modification. Packet modification is performed with the help of the Scapy packet manipulation library. This allows us to parse Internet packet headers to identify packets of interest and perform modifications at the appropriate spot to prevent any type of data corruption.
- Static Defender: The static defender setup isolates user responses, enabling a focused study of how operators detect and respond to threats without active system defenses. The ChatGPT 4o model can be used for this with its memory feature, so it can keep track of all of the user’s responses to then provide a comprehensive feedback loop back to the operator on how they can improve their response to threats.
- Behavioral Tracking in Routine and Crisis: Continuous data collection tracks user responses in both normal conditions and crises, measuring reaction times, accuracy, and adaptability under cyber-attack conditions. Again, ChatGPT’s memory feature here can be used for the collection and processing of data to provide a result analysis.
- Tutorials: These provide users with a comprehensive orientation, covering essential background knowledge, theoretical cybersecurity concepts, and simulator interaction techniques. This ensures that users understand the critical context behind cyber threats, familiarizing them with specific interaction mechanics within the simulator. Through this, the users gain the knowledge and skills required to navigate the platform effectively, preparing them to make informed, realistic decisions within the simulation.
5.1.3. Features Implementing GM
- Routine Task Challenges: Operators complete standard tasks like adjusting water levels, inspecting valves, and setting a behavioral baseline for comparison with the crisis response. This is implemented within the VR environment that operators would be in using the raycasting interaction technique.
- Story-Driven Cyber-Attack Interruptions: Periodic AI-driven cyber attacks—such as denial-of-service or data manipulation attacks—interrupt routine tasks, simulating the urgency of real-world cyber incidents.
- Adaptive Attacker Interactions: Based on user responses, AI attackers may escalate threats, prompting operators to adjust their strategies, thus revealing user adaptability and situational awareness.
- Real-Time Feedback and Difficulty Adjustment: AI provides immediate feedback and adapts attack difficulty based on performance, helping users develop resilience through graduated challenges.
5.1.4. Features Implementing SM
- VR Interface for Realistic Interaction: The VR interface provides a highly immersive view of the facility’s layout and equipment, allowing operators to interact with virtual controls and gauges intuitively as depicted in Figure 5. This interface replicates real-world tasks, helping users acclimate to both routine operations and emergency responses. VR was chosen over MR and AR primarily for its ability to provide a fully immersive experience, which is essential for visualizing the impacts of ongoing cyber attacks within our cybersecurity platform. Simulating these attacks in real life is not feasible due to ethical and safety concerns, but VR allows us to recreate and display these effects in a controlled environment. AR and MR, in contrast, require the user’s physical presence at the site to interact with the real-world environment. Additionally, actual wastewater treatment facilities are vast and complex, making it impractical to fully replicate the facility’s digital twin interface in AR or MR. However, in scenarios where users are already on-site, AR or MR might be considered, as these technologies can provide context-specific information and interactions within the physical setting. To accomplish this, Unity 2022.3.20f and C# were used to program the various visual effects and interactions possible. Since our VR interface is the virtual component of the digital twin, we need to establish some type of communication link with our hardware to complete the digital twin. We use the Message Queuing Telemetry Transport (MQTT) communication protocol here to ensure that all actions performed on the VR side are mapped/communicated to the physical side. MQTT is a lightweight messaging protocol that consists of a topic and a message. The topic consists of a unique string value, where all messages using that string value communicate on the same channel [78]. We enhance the VR environment with a conversational AI NPC, enabling users to naturally interact with the AI and use it as a learning tool for clarifying various concepts. To accomplish this, we use a Unity asset called Convai (Version 3.2.0), which allows seamless integration with any existing VR environment. Users can easily add an NPC character to the VR setting and customize it to narrate stories or perform specific actions, thanks to the asset’s Narrative Design Feature for creating sequential storytelling. The asset leverages GPT-4o as its language model and can store multiple documents to build a knowledge base, enriching contextual interactions.
- Miniature Testbed Integration: The operators’ actions in VR, like adjusting water flow, are mirrored in real time on a physical testbed, demonstrating the real-world impact of decisions. The physical testbed is made up of Arduino components, such as the NodeMCU ESP8266 and Arduino MKR Wifi 1010 microcontrollers. Attached to these microcontrollers are various sensors and motors that are appropriate for the given stage that the hardware represents. These can include water pump(s) to move water from one stage to the other, water level, water temperature, and pH sensors.
- Webcam Monitoring for Real-Time Impact Observation: Users can monitor physical testbed responses to their virtual actions, emphasizing real-world consequences and situational awareness. This is accomplished by connecting multiple USB webcams to the computer hosting/running the VR application and using Unity’s built-in webcam library to retrieve the appropriate webcam feeds.
- Digital Twin for Enhanced Visualization: A synchronized digital twin displays real-time system conditions, allowing users to observe the effects of cyber attacks and operational adjustments. This is carried out through our Unity VR program, which provides visualizations such as water level movement and water color changes.
- Simulated Network Components with MQTT: The digital twin’s network uses MQTT protocols, enabling AI-driven attacks like denial of service, which allows observation of user responses to network-based threats.
6. Discussion
6.1. Application of the Framework in Other Domains
- Healthcare Sector: In healthcare, cyber attacks can compromise not only data integrity but also patient safety [83]. Adapting the framework to simulate attacks on Electronic Health Records (EHRs) or medical devices allows healthcare professionals to experience and respond to realistic cyber threats that could impact patient outcomes [84]. The proposed framework helps collect healthcare-specific behavioral responses, such as how clinicians prioritize between clinical care and cyber threat management or how they recognize and mitigate threats within sensitive healthcare environments. Insights into these behaviors can inform the development of training programs that emphasize both patient safety and security awareness while identifying areas where procedural adjustments or additional safeguards may be required [85].
- Financial Services: For financial institutions, the complexity of cyber threats often targets not just data security but also operational continuity and customer trust [86]. Using the framework to model scenarios like insider threats, data breaches, and phishing attacks allows finance professionals to engage with simulations that reflect real-world conditions. Behavioral data on decision-making processes, risk tolerance, and speed of response in these environments provide insights that financial institutions can use to strengthen specific areas of their cybersecurity protocols [87,88]. Additionally, the framework can reveal the impact of cognitive biases under stress, helping institutions refine training to mitigate human error in high-stakes financial transactions.
- Defense and Military Applications: Cybersecurity in defense settings requires readiness for complex, multi-layered threats that could affect national security [89,90]. By simulating hybrid cyber-physical threats on military networks and operational systems [91], this framework can be adapted to study how personnel respond to diverse cyber warfare tactics, such as disruption of communication channels or interference with autonomous systems. Behavioral insights derived from these scenarios—such as response coordination, situational awareness, and the ability to adapt to rapidly evolving threats—are critical for refining defense protocols and designing adaptive training programs that enhance resilience in cyber warfare [92].
6.2. Practical Challenges to Integrating XR, AI, and Digital Twin
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Abbreviations
XR | Extended Reality |
AR | Augmented Reality |
VR | Virtual Reality |
MR | Mixed Reality |
AI | Artificial Intelligence |
PBM | Player Behavior Module |
GM | Gamification Module |
SM | Simulator Module |
PMT | Protection Motivation Theory |
TPB | Theory of Planned Behavior |
RCT | Rational Choice Theory |
MOA | Motivation Opportunity Abilities |
MQTT | Message Queuing Telemetry Transport |
SCP | Situational Crime Prevention |
LLM | Large Language Models |
References
- Guo, S.; Zeng, D. Cyber-Physical Systems: Architecture, Security and Application; Springer: Cham, Switzerland, 2019. [Google Scholar]
- Armbrust, M.; Fox, A.; Griffith, R.; Joseph, A.D.; Katz, R.; Konwinski, A.; Lee, G.; Patterson, D.; Rabkin, A.; Stoica, I.; et al. A view of cloud computing. Commun. ACM 2010, 53, 50–58. [Google Scholar] [CrossRef]
- Ghernouti-Hélie, S. A national strategy for an effective cybersecurity approach and culture. In Proceedings of the 2010 International Conference on Availability, Reliability and Security, Krakow, Poland, 15–18 February 2010; pp. 370–373. [Google Scholar]
- Han, S.; Xie, M.; Chen, H.H.; Ling, Y. Intrusion detection in cyber-physical systems: Techniques and challenges. IEEE Syst. J. 2014, 8, 1052–1062. [Google Scholar]
- Tounsi, W.; Rais, H. A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 2018, 72, 212–233. [Google Scholar] [CrossRef]
- Sasse, M.A.; Brostoff, S.; Weirich, D. Transforming the ‘weakest link’—A human/computer interaction approach to usable and effective security. BT Technol. J. 2001, 19, 122–131. [Google Scholar] [CrossRef]
- Young, H.; van Vliet, T.; van de Ven, J.; Jol, S.; Broekman, C. Understanding human factors in cyber security as a dynamic system. In Proceedings of the Advances in Human Factors in Cybersecurity, Proceedings of the AHFE 2017 International Conference on Human Factors in Cybersecurity, Los Angeles, CA, USA, 17–21 July 2017; pp. 244–254.
- Pawlick, J.; Colbert, E.; Zhu, Q. A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. ACM Comput. Surv. (CSUR) 2019, 52, 82. [Google Scholar] [CrossRef]
- Alnajim, A.M.; Habib, S.; Islam, M.; AlRawashdeh, H.S.; Wasim, M. Exploring cybersecurity education and training techniques: A comprehensive review of traditional, virtual reality, and augmented reality approaches. Symmetry 2023, 15, 2175. [Google Scholar] [CrossRef]
- Goerger, S.R.; McGinnis, M.L.; Darken, R.P. A validation methodology for human behavior representation models. J. Def. Model. Simul. 2005, 2, 39–51. [Google Scholar] [CrossRef]
- Anderson, C.L.; Agarwal, R. Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Q. 2010, 34, 613–643. [Google Scholar] [CrossRef]
- Pahnila, S.; Siponen, M.; Mahmood, A. Employees’ behavior towards IS security policy compliance. In Proceedings of the 2007 40th Annual Hawaii International Conference on System Sciences (HICSS’07), Big Island, HI, USA, 3–6 January 2007; p. 156b. [Google Scholar]
- Boss, S.R.; Galletta, D.F.; Lowry, P.B.; Moody, G.D.; Polak, P. What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Q. 2015, 39, 837–864. [Google Scholar] [CrossRef]
- Sommestad, T.; Karlzén, H.; Hallberg, J. The theory of planned behavior and information security policy compliance. J. Comput. Inf. Syst. 2017, 59, 344–353. [Google Scholar] [CrossRef]
- Ifinedo, P. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Comput. Secur. 2012, 31, 83–95. [Google Scholar] [CrossRef]
- Ölander, F.; Thøgersen, J. Understanding of consumer behaviour as a prerequisite for environmental protection. J. Consum. Policy 1995, 18, 345–385. [Google Scholar] [CrossRef]
- Runions, K.C.; Bak, M. Online moral disengagement, cyberbullying, and cyber-aggression. Cyberpsychology Behav. Soc. Netw. 2015, 18, 400–405. [Google Scholar] [CrossRef]
- Hirschi, T. On the compatibility of rational choice and social control theories of crime. In The Reasoning Criminal; Routledge: Abingdon-on-Thames, UK, 2017; pp. 105–118. [Google Scholar]
- Bossler, A. Contributions of criminological theory to the understanding of cybercrime offending and victimization. In The Human Factor of Cybercrime; Routledge: Abingdon-on-Thames, UK, 2019; pp. 29–59. [Google Scholar]
- Poolsappasit, N.; Dewri, R.; Ray, I. Dynamic security risk management using bayesian attack graphs. IEEE Trans. Dependable Secur. Comput. 2011, 9, 61–74. [Google Scholar] [CrossRef]
- Yin, C.; Zhu, Y.; Fei, J.; He, X. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 2017, 5, 21954–21961. [Google Scholar] [CrossRef]
- Alsharafi, L.; Asiri, M.; Azzony, S.; Alqahtani, A. Malware Detection Based on Deep Learning. In Proceedings of the 2023 3rd International Conference on Computing and Information Technology (ICCIT), Tabuk, Saudi Arabia, 10–11 May2023; pp. 427–432. [Google Scholar]
- Wooldridge, M. An Introduction to Multiagent Systems; John Wiley & Sons: Hoboken, NJ, USA, 2009. [Google Scholar]
- Zhang, D.; Feng, G.; Shi, Y.; Srinivasan, D. Physical safety and cyber security analysis of multi-agent systems: A survey of recent advances. IEEE/CAA J. Autom. Sin. 2021, 8, 319–333. [Google Scholar] [CrossRef]
- Belaoued, M.; Derhab, A.; Mazouzi, S.; Khan, F.A. MACoMal: A multi-agent based collaborative mechanism for anti-malware assistance. IEEE Access 2020, 8, 14329–14343. [Google Scholar] [CrossRef]
- Kotenko, I. Multi-agent modelling and simulation of cyber-attacks and cyber-defense for homeland security. In Proceedings of the 2007 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Dortmund, Germany, 6–8 September 2007; pp. 614–619. [Google Scholar]
- Sarker, I.H.; Kayes, A. ABC-RuleMiner: User behavioral rule-based machine learning method for context-aware intelligent services. J. Netw. Comput. Appl. 2020, 168, 102762. [Google Scholar] [CrossRef]
- Phillips, S.C.; Taylor, S.; Boniface, M.; Modafferi, S.; Surridge, M. Automated knowledge-based cybersecurity risk assessment of cyber-physical systems. IEEE Access 2024, 12, 82482–82505. [Google Scholar] [CrossRef]
- Manshaei, M.H.; Zhu, Q.; Alpcan, T.; Bacşar, T.; Hubaux, J.P. Game theory meets network security and privacy. ACM Comput. Surv. (CSUR) 2013, 45, 25. [Google Scholar] [CrossRef]
- Tushar, W.; Yuen, C.; Saha, T.K.; Nizami, S.; Alam, M.R.; Smith, D.B.; Poor, H.V. A survey of cyber-physical systems from a game-theoretic perspective. IEEE Access 2023, 11, 9799–9834. [Google Scholar] [CrossRef]
- Amin, S.; Schwartz, G.A.; Hussain, A. In quest of benchmarking security risks to cyber-physical systems. IEEE Netw. 2013, 27, 19–24. [Google Scholar] [CrossRef]
- Lye, K.W.; Wing, J.M. Game strategies in network security. Int. J. Inf. Secur. 2005, 4, 71–86. [Google Scholar] [CrossRef]
- Panaousis, E.; Fielder, A.; Malacaria, P.; Hankin, C.; Smeraldi, F. Cybersecurity games and investments: A decision support approach. In Proceedings of the Decision and Game Theory for Security: 5th International Conference, GameSec 2014, Los Angeles, CA, USA, 6–7 November 2014; Proceedings 5. Springer: Berlin/Heidelberg, Germany, 2014; pp. 266–286. [Google Scholar]
- Fielder, A.; Panaousis, E.; Malacaria, P.; Hankin, C.; Smeraldi, F. Decision support approaches for cyber security investment. Decis. Support Syst. 2016, 86, 13–23. [Google Scholar] [CrossRef]
- Musman, S.; Turner, A. A game theoretic approach to cyber security risk management. J. Def. Model. Simul. 2018, 15, 127–146. [Google Scholar] [CrossRef]
- Simaan, M.; Cruz, J.B., Jr. On the Stackelberg strategy in nonzero-sum games. J. Optim. Theory Appl. 1973, 11, 533–555. [Google Scholar] [CrossRef]
- Zhu, Q.; Başar, T. Game-theoretic approach to feedback-driven multi-stage moving target defense. In Proceedings of the International Conference on Decision and Game Theory for Security, Fort Worth, TX, USA, 11–12 November 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 246–263. [Google Scholar]
- Zhang, Y.; Malacaria, P. Bayesian Stackelberg games for cyber-security decision support. Decis. Support Syst. 2021, 148, 113599. [Google Scholar] [CrossRef]
- Jakóbik, A.; Palmieri, F.; Kołodziej, J. Stackelberg games for modeling defense scenarios against cloud security threats. J. Netw. Comput. Appl. 2018, 110, 99–107. [Google Scholar] [CrossRef]
- Veksler, V.D.; Buchler, N.; LaFleur, C.G.; Yu, M.S.; Lebiere, C.; Gonzalez, C. Cognitive models in cybersecurity: Learning from expert analysts and predicting attacker behavior. Front. Psychol. 2020, 11, 1049. [Google Scholar] [CrossRef]
- Do, C.T.; Tran, N.H.; Hong, C.; Kamhoua, C.A.; Kwiat, K.A.; Blasch, E.; Ren, S.; Pissinou, N.; Iyengar, S.S. Game theory for cyber security and privacy. ACM Comput. Surv. (CSUR) 2017, 50, 30. [Google Scholar] [CrossRef]
- Benzel, T.; Braden, R.; Kim, D.; Neuman, C.; Joseph, A.; Sklower, K.; Ostrenga, R.; Schwab, S. Experience with deter: A testbed for security research. In Proceedings of the 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2006, Barcelona, Spain, 1–3 March 2006; p. 10. [Google Scholar]
- Ashok, A.; Govindarasu, M.; Wang, J. Cyber-physical attack-resilient wide-area monitoring, protection, and control for the power grid. Proc. IEEE 2017, 105, 1389–1407. [Google Scholar] [CrossRef]
- Zhang, D.; Li, S.; Zeng, P.; Zang, C. Optimal microgrid control and power-flow study with different bidding policies by using powerworld simulator. IEEE Trans. Sustain. Energy 2013, 5, 282–292. [Google Scholar] [CrossRef]
- Patriarca, R.; Simone, F.; Di Gravio, G. Modelling cyber resilience in a water treatment and distribution system. Reliab. Eng. Syst. Saf. 2022, 226, 108653. [Google Scholar] [CrossRef]
- Benzel, T. The science of cyber security experimentation: The DETER project. In Proceedings of the 27th Annual Computer Security Applications Conference, Orlando, FL, USA, 5–9 December 2011; pp. 137–148. [Google Scholar]
- Le, T.D.; Anwar, A.; Loke, S.W.; Beuran, R.; Tan, Y. Gridattacksim: A cyber attack simulation framework for smart grids. Electronics 2020, 9, 1218. [Google Scholar] [CrossRef]
- Kaur, D.; Sachdeva, M.; Kumar, K. Study of DDoS attacks using DETER Testbed. Int. J. Comput. Bus. Res. 2012, 3, 1–13. [Google Scholar]
- Kostyuk, N.; Zhukov, Y.M. Invisible digital front: Can cyber attacks shape battlefield events? J. Confl. Resolut. 2019, 63, 317–347. [Google Scholar] [CrossRef]
- Willing, M.; Dresen, C.; Gerlitz, E.; Haering, M.; Smith, M.; Binnewies, C.; Guess, T.; Haverkamp, U.; Schinzel, S. Behavioral responses to a cyber attack in a hospital environment. Sci. Rep. 2021, 11, 19352. [Google Scholar] [CrossRef] [PubMed]
- Priyadarshini, I.; Kumar, R.; Tuan, L.M.; Son, L.H.; Long, H.V.; Sharma, R.; Rai, S. A new enhanced cyber security framework for medical cyber physical systems. SICS Softw.-Intensive-Cyber-Phys. Syst. 2021, 35, 159–183. [Google Scholar] [CrossRef]
- Butpheng, C.; Yeh, K.H.; Xiong, H. Security and privacy in IoT-cloud-based e-health systems—A comprehensive review. Symmetry 2020, 12, 1191. [Google Scholar] [CrossRef]
- Najaf, K.; Mostafiz, M.I.; Najaf, R. Fintech firms and banks sustainability: Why cybersecurity risk matters? Int. J. Financ. Eng. 2021, 8, 2150019. [Google Scholar] [CrossRef]
- Gomber, P.; Kauffman, R.J.; Parker, C.; Weber, B.W. On the fintech revolution: Interpreting the forces of innovation, disruption, and transformation in financial services. J. Manag. Inf. Syst. 2018, 35, 220–265. [Google Scholar] [CrossRef]
- Chuah, S.H.W. Wearable XR-technology: Literature review, conceptual framework and future research directions. Int. J. Technol. Mark. 2018, 13, 205–259. [Google Scholar] [CrossRef]
- Chandrashekar, N.D.; King, K.; Gračanin, D.; Azab, M. Design & development of virtual reality empowered cyber-security training testbed for IoT systems. In Proceedings of the 2023 3rd Intelligent Cybersecurity Conference (ICSC), San Antonio, TX, USA, 23–25 October 2023; pp. 86–94. [Google Scholar]
- Ahsan, M.; Nygard, K.E.; Gomes, R.; Chowdhury, M.M.; Rifat, N.; Connolly, J.F. Cybersecurity threats and their mitigation approaches using Machine Learning—A Review. J. Cybersecur. Priv. 2022, 2, 527–555. [Google Scholar] [CrossRef]
- Addae, J.H.; Sun, X.; Towey, D.; Radenkovic, M. Exploring user behavioral data for adaptive cybersecurity. User Model. User-Adapt. Interact. 2019, 29, 701–750. [Google Scholar] [CrossRef]
- Sekulić, I.; Terragni, S.; Guimarães, V.; Khau, N.; Guedes, B.; Filipavicius, M.; Manso, A.F.; Mathis, R. Reliable LLM-based user simulator for task-oriented dialogue systems. arXiv 2024, arXiv:2402.13374. [Google Scholar]
- Jin, L.; Chen, Y.; Wang, T.; Hui, P.; Vasilakos, A.V. Understanding user behavior in online social networks: A survey. IEEE Commun. Mag. 2013, 51, 144–150. [Google Scholar]
- Dowling, S.; Schukat, M.; Melvin, H. A ZigBee honeypot to assess IoT cyberattack behaviour. In Proceedings of the 2017 28th Irish Signals and Systems Conference (ISSC), Killarney, Ireland, 20–21 June 2017; pp. 1–6. [Google Scholar]
- Abraham, M.; Saeghe, P.; Mcgill, M.; Khamis, M. Implications of xr on privacy, security and behaviour: Insights from experts. In Proceedings of the Nordic Human-Computer Interaction Conference, Aarhus, Denmark, 8–12 October 2022; pp. 1–12. [Google Scholar]
- Rokhsaritalemi, S.; Sadeghi-Niaraki, A.; Choi, S.M. Exploring emotion analysis using artificial intelligence, geospatial information systems, and extended reality for urban services. IEEE Access 2023, 11, 92478–92495. [Google Scholar] [CrossRef]
- Marín-Vega, H.; Alor-Hernández, G.; Bustos-López, M.; López-Martínez, I.; Hernández-Chaparro, N.L. Extended Reality (XR) Engines for Developing Gamified Apps and Serious Games: A Scoping Review. Future Internet 2023, 15, 379. [Google Scholar] [CrossRef]
- Katual, D.; Drevin, L.; Goede, R. Game-Based Learning to Improve Critical Thinking and Knowledge Sharing: Literature Review. J. Int. Soc. Syst. Sci. 2023, 67. [Google Scholar]
- Naul, E.; Liu, M. Why story matters: A review of narrative in serious games. J. Educ. Comput. Res. 2020, 58, 687–707. [Google Scholar] [CrossRef]
- Gordon, A.; van Lent, M.; Van Velsen, M.; Carpenter, P.; Jhala, A. Branching storylines in virtual reality environments for leadership development. In Proceedings of the National Conference on Artificial Intelligence, Orlando, FL, USA, 18–22 July 1999; AAAI Press: Menlo Park, CA, USA MIT Press: Cambridge, MA, USA. , 2004; pp. 844–851. [Google Scholar]
- Gedris, K.; Bowman, K.; Neupane, A.; Hughes, A.; Bonsignore, E.; West, R.; Balzotti, J.; Hansen, D. Simulating municipal cybersecurity incidents: Recommendations from expert interviews. In Proceedings of the Annual Hawaii International Conference on System Sciences, Kauai, HI, USA, 5 January 2021. [Google Scholar]
- Lester, J.C.; Rowe, J.P.; Mott, B.W. Narrative-centered learning environments: A story-centric approach to educational games. In Emerging Technologies for the Classroom: A Learning Sciences Perspective; Springer: Berlin/Heidelberg, Germany, 2012; pp. 223–237. [Google Scholar]
- Wan, H.; Zhang, J.; Suria, A.A.; Yao, B.; Wang, D.; Coady, Y.; Prpa, M. Building LLM-based AI Agents in Social Virtual Reality. In Proceedings of the Extended Abstracts of the CHI Conference on Human Factors in Computing Systems, Honolulu, HI, USA, 11–16 May 2024; pp. 1–7. [Google Scholar]
- Radford, A.; Wu, J.; Child, R.; Luan, D.; Amodei, D.; Sutskever, I. Language models are unsupervised multitask learners. OpenAI Blog 2019, 1, 9. [Google Scholar]
- Brown, T.; Mann, B.; Ryder, N.; Subbiah, M.; Kaplan, J.D.; Dhariwal, P.; Neelakantan, A.; Shyam, P.; Sastry, G.; Askell, A.; et al. Language models are few-shot learners. Adv. Neural Inf. Process. Syst. 2020, 33, 1877–1901. [Google Scholar]
- Stanney, K.M.; Archer, J.; Skinner, A.; Horner, C.; Hughes, C.; Brawand, N.P.; Martin, E.; Sanchez, S.; Moralez, L.; Fidopiastis, C.M.; et al. Performance gains from adaptive eXtended Reality training fueled by artificial intelligence. J. Def. Model. Simul. 2022, 19, 195–218. [Google Scholar] [CrossRef]
- Chandrashekar, N.D.; Safford, S.; Muniyandi, M.; Gračanin, D. An extended reality simulator for pulse palpation training. In Proceedings of the 2023 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW), Shanghai, China, 25–29 March 2023; pp. 178–182. [Google Scholar]
- Barykin, S.; Kapustina, I.; Sergeev, S.; Kalinina, O.; Vilken, V.; De la Poza, E.; Putikhin, Y.; Volkova, L. Developing the physical distribution digital twin model within the trade network. Acad. Strateg. Manag. J. 2021, 20, 1–24. [Google Scholar]
- Rudnicka, Z.; Proniewska, K.; Perkins, M.; Pregowska, A. Cardiac Healthcare Digital Twins Supported by Artificial Intelligence-Based Algorithms and Extended Reality—A Systematic Review. Electronics 2024, 13, 866. [Google Scholar] [CrossRef]
- Lee, A.; King, K.; Gračanin, D.; Azab, M. Experiential Learning Through Immersive XR: Cybersecurity Education for Critical Infrastructures. In Proceedings of the International Conference on Human-Computer Interaction, Washington DC, USA, 29 June–4 July 2024; Springer: Berlin/Heidelberg, Germany, 2024; pp. 56–69. [Google Scholar]
- MQTT Version 5.0. Edited by Andrew Banks, Ed Briggs, Ken Borgendale, and Rahul Gupta. 7 March 2019. OASIS Standard. Available online: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html (accessed on 12 October 2024).
- Commons, W. La Crosse Wastewater Treatment Facility. 2024. Available online: https://commons.wikimedia.org/w/index.php?curid=150028072 (accessed on 12 October 2024).
- Lehto, M. Cyber-attacks against critical infrastructure. In Cyber Security: Critical Infrastructure Protection; Springer: Berlin/Heidelberg, Germany, 2022; pp. 3–42. [Google Scholar]
- Pomerleau, P.L.; Lowery, D.L. Countering Cyber Threats to Financial Institutions. In A Private and Public Partnership Approach to Critical Infrastructure Protection; Springer: Berlin/Heidelberg, Germany, 2020. [Google Scholar]
- Nifakos, S.; Chandramouli, K.; Nikolaou, C.K.; Papachristou, P.; Koch, S.; Panaousis, E.; Bonacina, S. Influence of human factors on cyber security within healthcare organisations: A systematic review. Sensors 2021, 21, 5119. [Google Scholar] [CrossRef]
- Das, S.; Siroky, G.P.; Lee, S.; Mehta, D.; Suri, R. Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices. Heart Rhythm 2021, 18, 473–481. [Google Scholar] [CrossRef] [PubMed]
- Bani Issa, W.; Al Akour, I.; Ibrahim, A.; Almarzouqi, A.; Abbas, S.; Hisham, F.; Griffiths, J. Privacy, confidentiality, security and patient safety concerns about electronic health records. Int. Nurs. Rev. 2020, 67, 218–230. [Google Scholar] [CrossRef] [PubMed]
- Argaw, S.T.; Troncoso-Pastoriza, J.R.; Lacey, D.; Florin, M.V.; Calcavecchia, F.; Anderson, D.; Burleson, W.; Vogel, J.M.; O’Leary, C.; Eshaya-Chauvin, B.; et al. Cybersecurity of Hospitals: Discussing the challenges and working towards mitigating the risks. BMC Med. Inform. Decis. Mak. 2020, 20, 146. [Google Scholar] [CrossRef] [PubMed]
- Kopp, E.; Kaffenberger, L.; Jenkinson, N. Cyber Risk, Market Failures, and Financial Stability; International Monetary Fund: Washington, DC, USA, 2017. [Google Scholar]
- Maalem Lahcen, R.A.; Caulkins, B.; Mohapatra, R.; Kumar, M. Review and insight on the behavioral aspects of cybersecurity. Cybersecurity 2020, 3, 10. [Google Scholar] [CrossRef]
- Dupont, B. The cyber-resilience of financial institutions: Significance and applicability. J. Cybersecur. 2019, 5, tyz013. [Google Scholar] [CrossRef]
- Joiner, K.F.; Tutty, M.G. A tale of two allied defence departments: New assurance initiatives for managing increasing system complexity, interconnectedness and vulnerability. Aust. J. -Multi-Discip. Eng. 2018, 14, 4–25. [Google Scholar] [CrossRef]
- Mughal, A.A. The Art of Cybersecurity: Defense in Depth Strategy for Robust Protection. Int. J. Intell. Autom. Comput. 2018, 1, 1–20. [Google Scholar]
- Progoulakis, I.; Rohmeyer, P.; Nikitakos, N. Cyber physical systems security for maritime assets. J. Mar. Sci. Eng. 2021, 9, 1384. [Google Scholar] [CrossRef]
- Steingartner, W.; Galinec, D.; Kozina, A. Threat defense: Cyber deception approach and education for resilience in hybrid threats model. Symmetry 2021, 13, 597. [Google Scholar] [CrossRef]
- Capodieci, N.; Sanchez-Adames, C.; Harris, J.; Tatar, U. The Impact of Generative AI and LLMs on the Cybersecurity Profession. In Proceedings of the 2024 Systems and Information Engineering Design Symposium (SIEDS), Charlottesville, VA, USA, 3 May 2024; pp. 448–453. [Google Scholar] [CrossRef]
- Palmquist, A.; Jedel, I.; Goethe, O. Universal Design in Extended Realities. In Universal Design in Video Games: Active Participation Through Accessible Play; Springer: Berlin/Heidelberg, Germany, 2024; pp. 245–276. [Google Scholar]
- Bicalho, D.R.; Piedade, J.M.N.; de Lacerda Matos, J.F. The Use of Immersive Virtual Reality in Educational Practices in Higher Education: A Systematic Review. In Proceedings of the 2023 International Symposium on Computers in Education (SIIE), Setubal, Portugal, 16–18 November 2023; pp. 1–5. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Donekal Chandrashekar, N.; Lee, A.; Azab, M.; Gracanin, D. Understanding User Behavior for Enhancing Cybersecurity Training with Immersive Gamified Platforms. Information 2024, 15, 814. https://doi.org/10.3390/info15120814
Donekal Chandrashekar N, Lee A, Azab M, Gracanin D. Understanding User Behavior for Enhancing Cybersecurity Training with Immersive Gamified Platforms. Information. 2024; 15(12):814. https://doi.org/10.3390/info15120814
Chicago/Turabian StyleDonekal Chandrashekar, Nikitha, Anthony Lee, Mohamed Azab, and Denis Gracanin. 2024. "Understanding User Behavior for Enhancing Cybersecurity Training with Immersive Gamified Platforms" Information 15, no. 12: 814. https://doi.org/10.3390/info15120814
APA StyleDonekal Chandrashekar, N., Lee, A., Azab, M., & Gracanin, D. (2024). Understanding User Behavior for Enhancing Cybersecurity Training with Immersive Gamified Platforms. Information, 15(12), 814. https://doi.org/10.3390/info15120814