How to improve network security using gamification

Anthony Keane, Jason Flood

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Computer network systems have been shown in many surveys to be inherently vulnerable to breaches from both internal and external attacks. The majority of external network attackers are people with little real skills and those with better hacking skills often follow the same known sequence of repetitious attacks that largely rely on the opportunity of chance for success. Why computer networks are insecure at all often originates from the actual users and administrators of the systems. As IT Administrators depend on the manufacturers for security in their products, so does the hacker depend on the manufacturers for exploitable vulnerabilities in their products. The IT administrator looks for certain behavioral strengths in end-users while the hackers look for behavioral weaknesses in the same end-users. The totality in the security of the network lies in the balance between the IT Administrators knowledge/skills and the hacker's knowledge/skills. The margin of separation is often in the ability of each party to learn new tricks with time playing a crucial part. We propose a training system for IT Administrators to strengthen their knowledge and skills in the hope of tilting the security balance in their favour. Our system is based on providing a cycle of system security testing incorporated with training in Capture-The- Flag gamification via Cloud hosted virtual server systems. These are built and maintained by knowledge providers from voluntary organisations like the Honeynet Project, OWASP and many other more individuals at the forefront of network security in their international organisations.

Original languageEnglish
Title of host publication12th European Conference on Information Warfare and Security 2013, ECIW 2013
PublisherAcademic Conferences Ltd
Pages402-404
Number of pages3
ISBN (Print)9781627489089
Publication statusPublished - 2013
Event12th European Conference on Information Warfare and Security 2013, ECIW 2013 - Jyvaskyla, Finland
Duration: 11 Jul 201312 Jul 2013

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610

Conference

Conference12th European Conference on Information Warfare and Security 2013, ECIW 2013
Country/TerritoryFinland
CityJyvaskyla
Period11/07/1312/07/13

Keywords

  • CTF
  • Hacking
  • IT administrator training
  • Network vulnerability
  • Security training

Fingerprint

Dive into the research topics of 'How to improve network security using gamification'. Together they form a unique fingerprint.

Cite this