Malicious User Experience Design Research for Cybersecurity

This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approac

Bespoke controllers and their impact on game feel

This project explores the role and effect of bespoke game controllers on game feel and accessibility. The project aims to develop a range of custom controllers and associated games, designed to tightly couple the user interaction with the game execution. Player analytics will be collected to quantify, explore and improve the user experience.Game feel encompasses a wide range of definitions including intuitive controls, physical interaction with virtual objects, and the appeal of playing. Game feel is subjective and therefore challenging to quantify, but something every player instinctively recognises. There is a growing niche of games utilising bespoke hardware to deliver a unique player experience, such as games played with Unicorn horns or by shouting, rather than the traditional controller. The project seeks to push the boundaries of games and explore how game design, user experience and accessibility are affected when the limitation of traditional input systems is removed. The project has developed four bespoke controllers, utilising creative technologies and physical sensors. The controllers are based on inputs using force sensitive sensors, flex sensors, distance sensor and orientation sensors. Prototype games have been developed for each controller designed to exploit the controllers unique form of user interaction. The next steps are to evaluate the player experience and explore how the various controllers are utilised using a data-driven approach.The project proposes that the bespoke controller could widen engagement and improve the user experience by delivering a more intuitive interface and improving game feel. The project will provide insights and design guidelines for both of the development of the custom game controllers and how they can be linked to certain game mechanics in the associated games

Phish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks

Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have been designed and implemented but they have been unable to solve the problem adequately. This failure is often due to security experts overlooking the human element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user's confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.Comment: 1

Interplay between security providers, consumers, and attackers: a weighted congestion game approach

Network users can choose among different security solutions to protect their data. Those solutions are offered by competing providers, with possibly different performance and price levels. In this paper, we model the interactions among users as a noncooperative game, with a negative externality coming from the fact that attackers target popular systems to maximize their expected gain. Using a nonatomic weighted congestion game model for user interactions, we prove the existence and uniqueness of a user equilibrium, compute the corresponding Price of Anarchy, that is the loss of efficiency due to user selfishness, and investigate some consequences for the (higher-level) pricing game played by security providers.Game theory;Weighted games; Security

Energy-Efficient Resource Allocation in Wireless Networks with Quality-of-Service Constraints

A game-theoretic model is proposed to study the cross-layer problem of joint power and rate control with quality of service (QoS) constraints in multiple-access networks. In the proposed game, each user seeks to choose its transmit power and rate in a distributed manner in order to maximize its own utility while satisfying its QoS requirements. The user's QoS constraints are specified in terms of the average source rate and an upper bound on the average delay where the delay includes both transmission and queuing delays. The utility function considered here measures energy efficiency and is particularly suitable for wireless networks with energy constraints. The Nash equilibrium solution for the proposed non-cooperative game is derived and a closed-form expression for the utility achieved at equilibrium is obtained. It is shown that the QoS requirements of a user translate into a "size" for the user which is an indication of the amount of network resources consumed by the user. Using this competitive multiuser framework, the tradeoffs among throughput, delay, network capacity and energy efficiency are studied. In addition, analytical expressions are given for users' delay profiles and the delay performance of the users at Nash equilibrium is quantified.Comment: Accpeted for publication in the IEEE Transactions on Communication