Our goal is to develop a web-based platform that can (1) host a collection of micro games for security training, (2) simplify the task of developing games by providing useful features, (3) help administrators manage and deploy micro games, and (4) help analysts visualize and drill down on data. For phase I, we will demonstrate the feasibility of our ideas. We will use a human-centered approach in developing a first iteration of this platform, conducting user studies to ensure that users find our system useful, usable, and desirable. We will also develop core functions and integrate two of our micro-games for security, one of which we have already developed and deployed, the other we are in the early design phases. Our team is comprised of three computer science faculty from Carnegie Mellon University who have founded a startup (Wombat Security Technologies, Inc) to commercialize our research in anti-phishing. Part of this research was in developing fun and effective training to protect people from online phishing scams, the most successful of which has been a game played by over 80,000 people with results showing that the game significantly boosts the ability of users to detect phishing attacks.
Benefit: Success in this line of work will lead to five tangible benefits. First, it will make it easier for end-users to educate themselves through a variety of games for security training and assess how they are doing overall. Second, it will make it simpler for developers to deploy security training games, in that it makes games easy to find and eliminates the need for having to develop custom features that are common to many games, such as statistics and analytics. Third, our platform will provide a single centralized location for administrators to do common functions, rather than having to manage and configure each game individually. Fourth, our platform will make it easier for an analyst to assess how an organization is doing overall with regards to security training and retention. Fifth, our platform, coupled with a large set of games for security training, will lead to better and more effective security training for individuals, thus leading to better security and overall preparedness for an organization. Our anti-phishing game has been shown to appeal to users across a broad segment of organizations, including the US AirForce, financial organizations (e.g. Depository Trust and Clearing Corporation, TD Ameritrade), government (e.g. Florida Department of Transportation), schools, health care providers (e.g. Children Hospital Los Angeles), ISPs, government contractors (e.g. Booz Allen & Hamilton) and others, thereby demonstrating the dual-use potential of our approach to cyber security awareness training. Yet the cost of developing a single game remains high. Through the new platform we propose to develop and validate under the proposed SBIR grant, we expect to significantly reduce the development costs and time associated with the introduction of new games. With cyber security threats continuing to evolve quite rapidly, this is critical if one is to ensure that training material remains current.
Keywords: Micro Game, Gaming, Games, Security, Training, Platform, Phishing, Analytics
