Cyber security behaviour assessment using serious games concepts, artificial intelligence and human behaviour analytics

Statistics [1] indicate that human errors cause a vast majority of all security breaches and that humans impact security outcomes more than any technology, policy or process. Efforts, so far, to improve cyber security behaviour among citizens, consumers and employees has not had the desired impact [2]. The one-size-fits-all cyber security training and awareness programs inform the end-users about good cyber practice. They do not factor in an understanding of “how” different people perceive risk differently and “Why” the humans continue to exhibit poor security behaviour.

Existing solutions are technology and process-oriented rather than being human-centric. ‘Changing behaviour’ requires more than providing information about cyber risks and reactive behaviors [3]. Personalising cyber security awareness/training based on the individual’s risk perception and the consequent need for security would trigger behaviour modification. To achieve this, it is critical to understand and assess the current security behaviour of end-users, as well as investigate the factors that influence the security behaviour and those that enable behaviour change among the end-users from a psychological standpoint. This PhD will focus on addressing some of these research challenges.

Game-based cyber behaviour assessment and artificial intelligence enabled behaviour modification.

 Diane Ackerman quotes “Play is our favorite way of learning”. Gamification is defined as applying game mechanics in a non-gaming context; The game-play environment offers the end-users an informal and a safe environment to learn. Game-based solutions has been used in cyber security skills training and has been found to motivate engagement and promote active learning experience while increasing retention of the learnt skills, in comparison to traditional learning approaches such as instructor-led face-to-face and online sessions[4]. Recent studies [5] indicate that game-based interventions have been used to promote healthy behaviours to promote self-care and wellness.

This study will explore game-based assessment techniques to understand the reason for the individual’s security behaviour and assess the individual’s current security behaviour. The study will then apply behavioural analytics and artificial intelligence to address some of the key challenges in understanding why humans behave the way they do in various cyber security contexts while interacting with digital systems.

Skills Required

• Educational/professional background in information security/ cyber security
• Interest in games and games for learning
• Familiarity with criminal psychology is desirable
• Programming skills (C#, unity or other games development platforms) is desirable.

Bibliography (Author’s recent publications on the topic)

[1] Balakrishna, C. The Impact of In-Classroom Non-Digital Game-Based Learning Activities on Students Transitioning to Higher Education. Educ. Sci. 2023, 13, 328.

[2] Balakrishna, C., & Charlton, P. (2022, October). Using Game-based Learning Methods to Demystify Cyber Security Concepts for Adult Learners. In Academic Conferences and publishing limited.

[3] Balakrishna, C. (2021, September). Design considerations for developing a game-based learning resource for cyber security education. In Proceedings of the European Conference on Games-Based Learning (pp. 80-89).

[4] Andrews, G., Balakrishna, C., & Mikroyannidis, A. (2023, October). The need for game-based learning methods to address cyber threats. In Proceedings of the 17th European Conference on Game-Based Learning: ECGBL 2023. Academic Conferences and publishing limited.

References:

[1] Selvam, V. S. D. (2020). Human Error in IT Security. arXiv preprint arXiv:2005.04163.

[2] Bada, Maria, Angela M. Sasse, and Jason RC Nurse. "Cyber security awareness campaigns: Why do they fail to change behaviour?." arXiv preprint arXiv:1901.02672 (2019).

[3] Fogg, B. J.: Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann (2002).

[4] Hill Jr, W. A., Fanuel, M., Yuan, X., Zhang, J., & Sajad, S. (2020). A Survey of Serious Games for Cybersecurity Education and Training.

[5] Zhou, C., Occa, A., Kim, S., & Morgan, S. (2020). A meta-analysis of narrative game-based interventions for promoting healthy behaviors. Journal of health communication, 25(1), 54-65.