The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools

Cameron, Alex, Alam, Abu S, Khurana, Madhu ORCID: 0000-0003-3976-1256, Allison, Jordan ORCID: 0000-0001-8513-4646 and Anjum, Nasreen ORCID: 0000-0002-7126-2177 (2024) The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools. IEEE Transactions on Education. pp. 1-8. doi:10.1109/TE.2024.3471336 (In Press)

Text 14471 Cameron, A. et al. (2024) The Importance of Malware Awareness for Aspiring Cyber Professionals Applicability of Gamification Static Analysis Tools.pdf - Accepted Version Restricted to Repository staff only Available under License Creative Commons Attribution 4.0. Download (3MB)

Abstract

Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.

Item Type:	Article
Article Type:	Article
Uncontrolled Keywords:	Human factors; Malware; Static analysis; Training; Virtualization; WannaCry
Subjects:	Q Science > QA Mathematics > QA76 Computer software Q Science > QA Mathematics > QA76 Computer software > QA76.76 Computer software topics A-Z > QA76.76.C672 Computer game programming
Divisions:	Schools and Research Institutes > School of Business, Computing and Social Sciences
Depositing User:	Kamila Niekoraniec
Date Deposited:	23 Oct 2024 14:23
Last Modified:	23 Oct 2024 14:30
URI:	https://eprints.glos.ac.uk/id/eprint/14471

University Staff: Request a correction | Repository Editors: Update this record