@inproceedings{e124cf7c821d4b24bada2d728516e447,
title = "How to improve network security using gamification",
abstract = "Computer network systems have been shown in many surveys to be inherently vulnerable to breaches from both internal and external attacks. The majority of external network attackers are people with little real skills and those with better hacking skills often follow the same known sequence of repetitious attacks that largely rely on the opportunity of chance for success. Why computer networks are insecure at all often originates from the actual users and administrators of the systems. As IT Administrators depend on the manufacturers for security in their products, so does the hacker depend on the manufacturers for exploitable vulnerabilities in their products. The IT administrator looks for certain behavioral strengths in end-users while the hackers look for behavioral weaknesses in the same end-users. The totality in the security of the network lies in the balance between the IT Administrators knowledge/skills and the hacker's knowledge/skills. The margin of separation is often in the ability of each party to learn new tricks with time playing a crucial part. We propose a training system for IT Administrators to strengthen their knowledge and skills in the hope of tilting the security balance in their favour. Our system is based on providing a cycle of system security testing incorporated with training in Capture-The- Flag gamification via Cloud hosted virtual server systems. These are built and maintained by knowledge providers from voluntary organisations like the Honeynet Project, OWASP and many other more individuals at the forefront of network security in their international organisations.",
keywords = "CTF, Hacking, IT administrator training, Network vulnerability, Security training",
author = "Anthony Keane and Jason Flood",
year = "2013",
language = "English",
isbn = "9781627489089",
series = "European Conference on Information Warfare and Security, ECCWS",
publisher = "Academic Conferences Ltd",
pages = "402--404",
booktitle = "12th European Conference on Information Warfare and Security 2013, ECIW 2013",
note = "12th European Conference on Information Warfare and Security 2013, ECIW 2013 ; Conference date: 11-07-2013 Through 12-07-2013",
}