SERIOUS GAMES

for

IOT SECURITY

Prof. Okada

Dr. Wei Shi

Ms. Ma

Ms. Kulshreshta

Ranjan Bose

WP 4

It is great to collaborate

with Kyushu University !!!

Greetings from IIT Delhi

Underlying Assumption

• Human beings (users) are the weakest

link in the chain

• Need to focus on IoT security education

• One possibility: Serious Games

SG defined as computer or digital games with an

educational intention to teach specific predefined skills

and knowledge

What is a Serious Game ?

Games designed for a primary goal different from pure

entertainment

Or

Serious Games

Applications

MilitaryHealth

Corporate

Training

Education

Training

Training and development has been

approached in many ways to deal with specific

learning objectives like

Why do we need serious games ?

The success of any training effort is engagement

• Through serious game initiative, the learning

content is delivered in a game-based

environment.

Physical training manuals

Training videos E learning

What makes a game so engaging?

Story

Game mechanics & Interactivity

Rules

Immersive graphical

environment

Challenge/

competition

Risks and consequences

Aspects of a game

Pedagogic aspects

Technical

aspectsIntegration aspects

Serious Games for IOT Security

Approach• Study of IOT attacks

• Study of IOT applications in context of SMART BUILDINGS

Significance

• Use of Serious Games for teaching

• IOT Attacks

• Prevention, Early Detection, Mitigation

Framework?

Experiential Model of Learning

Assimilative

(watch and think)

Accommodative

(do and feel)

Divergent

(feel and watch)

Convergent

(do and think)

EXPERIENCE

The most important aspect of experiential games

is the experience that is being created

Need to craft the user experience

Experience, Experiment, Evaluate (EEE)

EXPERIMENT

The players can experiment (what if)

The players can relate ideas, cluster, label

EVALUATE

The players can evaluate their progress

Clearly defined goals, motivating goals, cannot

beat the game without undergoing learning

Steps for Serious Games

Evaluation of Existing Games

Designing Domain Specific Games

Finding Shortcomings

In our Literature survey we found 33 papers related to

serious games about cyber security

The search database included

IEEE

ACM

SCIENCE DIRECT

ERIC

EMERALD

Review of Serious Games

Classification of Serious Games

Genre

Delivery

Platform

Study Methods

Subject Discipline

Classification of Serious Games

Behavioural Outcome

Cognitive Outcome

Affective and

Motivational Outcome

Social skills

learned

Classification of Serious Games

Behavioural Outcome

Cognitive Outcome

Affective and Motivational

Outcome

Social skills

learned

0

1

2

3

4

5

6

7

8

9

Behavioual Cognitive Affective &Motivational

Social Skills

Examples of Serious Games

Anti-phishing phil CyberCeige

SimSafety

Cybersecurity island

Agent Surefire

Relevance, Embedding, Transfer, Adaption,

Immersion and Naturalization (RETAIN) Model was

developed to:

• Support game-based learning development,

• Assess how well games-based learning contains and

incorporates academic content.

Evaluation of SGs using RETAIN model

Evaluation of SGs using RETAIN model

Element Description Weight ** Score

Relevance

i) Presenting materials in a way relevant to

learners, their needs, and their learning

styles, and

ii) Ensuring the instructional units are

relevant to one another so that the

elements link together and build upon

previous work.

1 3

Embedding

Assessing how closely the academic

content is coupled with the fantasy/story

content where fantasy refers to the

narrative structure, storylines, player

experience, dramatic structure, fictive

elements, etc.

3 9

TransferHow the player can use previous

knowledge and apply it in other areas. 5 15

AdaptionA change in behaviour as a consequence

of transfer. 4 12

ImmersionThe player intellectually investing in the

context of the game. 2 6

Naturalization

The development of habitual and

spontaneous use of information derived

within the game.6 18

63/63

Evaluation of SGs using RETAIN model

Survey of 5 Serious Games with students from IIT Delhi and

Kyushu University

• Each student was asked to play the games and score

• According their scores we came across the following results

Use Case

• IoT enabled Smart Building

Smart Grid

Fog/ Cloud

Smart Buildings

HVAC

Intrusion Detection

Smoke/ Fire Detection

Vending Machines

Smart Meter

Water, Gas, Electricity

Temperature, Lighting

Security Alarm

Smart Cleaning

Serious Games for Smart Buildings

HVAC

System

Smart

Lighting

Water

Smart

Energy

Fire

SafetyIntrusion

Detection

Sewage

System

Smart

Meter

Several ProblemsExample – Smart Energy Meters: Types of attack

False Data

Injection Attack

Tampering with

the date stamp

Memory Attack

Side channel

Attack

Communication

Module Attack

The game should teach these various kinds of

attacks on a Smart Meter

Eavesdropping

Several ProblemsExample – Smart Energy Meters: Detection

Anomaly

Detection

Intrusion

Detection

Memory Access

Detection of Side

channel Attack

Data leakage

The game should teach these various kinds of

detection of attacks on a Smart Meter

Several ProblemsExample – Smart Energy Meters: Prevention

Light Weight

Encryption

Firewalls

Memory Access

Control

Randomized

power dissipation

Black/Whitelisting

The game should teach these various kinds of

prevention of attacks on a Smart Meter

Reduce PFA

Cross-layer

Several ProblemsExample – Smart Energy Meters: Security Techniques

Encryption

basedMachine

learning based

Memory based

Anomaly

detection

AI based

The game should teach these various kinds of

mathematical techniques for secure Smart Meter

How to function

despite an attack

Use data from

different layers

PCA

28

• Investigation of attack vectors Altering Time Stamp De-auth attack DoS attacks MiM Attack

Attack on Smart Meters

IoT Education

IoT System description

Type of Attacks

Attack Detection, Prevention, Mitigation

Damage AssessmentCost of AttacksWeb Based

Serious Games

Literature Our Research

Learning Analytics for Serious Games

• Relevant questions for Learning Analytics

– How much learning is really taking place?

– How do we measure it?

– How do we monitor it in real-time?

– How do we maximize it?

– Can we build an information-theoretic framework?

Several Problems

ModellingChoosing

data

Capturing

data

Aggregating

dataAnalyzing

data

Deploying

data

Learning Analytics for Serious Games

Several ProblemsModelling for Learning Analytics in SGCompetence-Based Knowledge Space Theory (CbKST)• Requires learning domains to be modelled as a prerequisite

competency structure

• Learner’s assessment is inferred by their competencies

• The learner’s actions are tracked during the gameplay

• Relies on three concepts: the precedence relation, the competence

states and the competence structure

Narrative Game-Based Learning Objects (NGLOB)• Additionally considers player type and narrative aspects

• Triple vector: Narrative Context, Gaming Context, Learning Context

Several ProblemsModelling for Learning Analytics in SG

Evidence-Centered Design (ECD)• Competency Model, Evidence Model and Action Model

Open Learner Model (OLM)• Presenting to the learner an understandable visualization of his

current knowledge state

• Proven to improve learning outcomes

Several ProblemsChoosing Data for Learning Analytics in SG

Depends on learning goals, setting, tasks, game genre,

mechanic and platform

Intensive vs. Extensive Data• Extensive Data: for Higher Quantity

• Intensive Data: for Higher Quality

Single-Player vs. Multiplayer• Multiplayer: additional social component

Generic vs. Game-Specific Traces• Generic: Identify strengths and weaknesses of learning games,

• Game-Specific: Designing games "with analytics in mind“

Several ProblemsCapturing Data for Learning Analytics in SG

Depends on data modalities and interactions

Activity logs

• Widely employed

• Records interaction data in form of log files

Multimodal Learning Analytics

• Includes biometric data and other multimodal data

• Assessing motivation, fun and collaboration

• Introduces its own challenges for aligning data

Mobile and Ubiquitous Learning Analytics

• Data of mobile learners, suitable for mobile games

• Interaction with mobile devices

• Considering contextual information

Several ProblemsAggregating Data for Learning Analytics in SG

Depends on data sources and sample size

Extensive Data Aggregation across Users• Log data joined into central database after reprocessing using session

identifiers

• Log files generated on all machines should use same data format

• Need for standardized xml formats

• Aggregation Model: using semantic rules to map game actions or

states to meaningful expressions under which similar events are grouped

Intensive Data Aggregation across Modalities• Multimodal Data Synchronization needed for observing behaviour

across MM data channels

• Some tools exist: Replayer, ChronoVis

Several ProblemsAnalyzing Data for Learning Analytics in SG

Depends on learning context and application

By instructor• This step is not done by the system but instructor intervenes according to

visualized statistics

Automatic Analysis• For intelligent tutoring systems and adaptive Serious Games

• Measures to be derived:

Gaming: In-game performance, in-game learning, in-game strategies

Learning: • Learning behaviours, learning outcomes

• In-game sources of evidence to infer competencies

• Learning sessions to update competency models

• Data Mining and Machine Learning approaches can be used for

identifying solution strategies, error patterns and player goal

Several ProblemsDeploying Results for Learning Analytics in SG

Depends on learning context and application

Visualization• visualizations of narrative structure, player model and skill tree

• graphs, Hasse Diagrams, Heat Maps

• for games, a special need for real-time operation, extensibility and

interoperability

Adaptation• macro - adaptivity: system responds by choosing the appropriate next

learning object or narrative event

• micro - adaptivity: adjusting aspects within a learning task like task

difficulty or feedback type

Several ProblemsFuture Work

Integrating Learning Analytics for analyzing

learning

Extension of SGs to Virtual Reality (VR)

games

Arigato

Gosaimas