A Survey of Serious Games for Cybersecurity Education and Training

Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into four types based on the topics they cover and the purposes of the games: security awareness, network and web security, cryptography, and secure software development. We provide a catalog of games available online. This survey informs educators of available resources for cybersecurity education and training using interactive games. Keywords: Serious games; Game-based Learning; Cybersecurity

A Course Module on Malware Analysis

According to a 2019 mid-year report by Check Point Research, a cyber-intelligence firm, malware-related security attacks are as pervasive as ever and have paralyzed numerous organizations worldwide. Increasingly, malware authors are developing and incorporating more complex techniques into their code to offset known cyber-security defense mechanisms. As such, it is critical for students to analyze the low-level structure of Malware\u27s and their run-time effects on a system in order to develop a precise understanding of threats. The department of Computer Science at North Carolina A&T designed two Hand-on Labs that help students learn Malware Analysis. In the first lab, students conducted a dynamic analysis by actively infecting a virtual machine with a backdoor Trojan. In the second lab, students conducted a static analysis of the Trojans executable file. They used open-source tools to extract parameters from its source code in order to do a lightweight review of code capabilities. The analysis of survey data shows that students learned to build an accurate picture of a malware-infected system using the disentangled data collected by the various analyzing instruments. Additionally, the lightweight review of the malware\u27s source code demystified malware engineering to participants. Overall, our observations hold that lightweight source-code presentation is a good approach for in-depth teaching of malware analysis and is a dominant contributing factor for increasing student knowledge of the subject matter