serious games - 九州大学サイバーセキュリティセンター · 2018-02-13 · several...
TRANSCRIPT
SERIOUS GAMES
for
IOT SECURITY
Prof. Okada
Dr. Wei Shi
Ms. Ma
Ms. Kulshreshta
Ranjan Bose
WP 4
It is great to collaborate
with Kyushu University !!!
Greetings from IIT Delhi
Underlying Assumption
• Human beings (users) are the weakest
link in the chain
• Need to focus on IoT security education
• One possibility: Serious Games
SG defined as computer or digital games with an
educational intention to teach specific predefined skills
and knowledge
What is a Serious Game ?
Games designed for a primary goal different from pure
entertainment
Or
Serious Games
Applications
MilitaryHealth
Corporate
Training
Education
Training
Training and development has been
approached in many ways to deal with specific
learning objectives like
Why do we need serious games ?
The success of any training effort is engagement
• Through serious game initiative, the learning
content is delivered in a game-based
environment.
Physical training manuals
Training videos E learning
What makes a game so engaging?
Story
Game mechanics & Interactivity
Rules
Immersive graphical
environment
Challenge/
competition
Risks and consequences
Aspects of a game
Pedagogic aspects
Technical
aspectsIntegration aspects
Serious Games for IOT Security
Approach• Study of IOT attacks
• Study of IOT applications in context of SMART BUILDINGS
Significance
• Use of Serious Games for teaching
• IOT Attacks
• Prevention, Early Detection, Mitigation
Framework?
Experiential Model of Learning
Assimilative
(watch and think)
Accommodative
(do and feel)
Divergent
(feel and watch)
Convergent
(do and think)
EXPERIENCE
The most important aspect of experiential games
is the experience that is being created
Need to craft the user experience
Experience, Experiment, Evaluate (EEE)
EXPERIMENT
The players can experiment (what if)
The players can relate ideas, cluster, label
EVALUATE
The players can evaluate their progress
Clearly defined goals, motivating goals, cannot
beat the game without undergoing learning
Steps for Serious Games
Evaluation of Existing Games
Designing Domain Specific Games
Finding Shortcomings
In our Literature survey we found 33 papers related to
serious games about cyber security
The search database included
IEEE
ACM
SCIENCE DIRECT
ERIC
EMERALD
Review of Serious Games
Classification of Serious Games
Genre
Delivery
Platform
Study Methods
Subject Discipline
Classification of Serious Games
Behavioural Outcome
Cognitive Outcome
Affective and
Motivational Outcome
Social skills
learned
Classification of Serious Games
Behavioural Outcome
Cognitive Outcome
Affective and Motivational
Outcome
Social skills
learned
0
1
2
3
4
5
6
7
8
9
Behavioual Cognitive Affective &Motivational
Social Skills
Examples of Serious Games
Anti-phishing phil CyberCeige
SimSafety
Cybersecurity island
Agent Surefire
Relevance, Embedding, Transfer, Adaption,
Immersion and Naturalization (RETAIN) Model was
developed to:
• Support game-based learning development,
• Assess how well games-based learning contains and
incorporates academic content.
Evaluation of SGs using RETAIN model
Evaluation of SGs using RETAIN model
Element Description Weight ** Score
Relevance
i) Presenting materials in a way relevant to
learners, their needs, and their learning
styles, and
ii) Ensuring the instructional units are
relevant to one another so that the
elements link together and build upon
previous work.
1 3
Embedding
Assessing how closely the academic
content is coupled with the fantasy/story
content where fantasy refers to the
narrative structure, storylines, player
experience, dramatic structure, fictive
elements, etc.
3 9
TransferHow the player can use previous
knowledge and apply it in other areas. 5 15
AdaptionA change in behaviour as a consequence
of transfer. 4 12
ImmersionThe player intellectually investing in the
context of the game. 2 6
Naturalization
The development of habitual and
spontaneous use of information derived
within the game.6 18
63/63
Evaluation of SGs using RETAIN model
Survey of 5 Serious Games with students from IIT Delhi and
Kyushu University
• Each student was asked to play the games and score
• According their scores we came across the following results
Use Case
• IoT enabled Smart Building
Smart Grid
Fog/ Cloud
Smart Buildings
HVAC
Intrusion Detection
Smoke/ Fire Detection
Vending Machines
Smart Meter
Water, Gas, Electricity
Temperature, Lighting
Security Alarm
Smart Cleaning
Serious Games for Smart Buildings
HVAC
System
Smart
Lighting
Water
Smart
Energy
Fire
SafetyIntrusion
Detection
Sewage
System
Smart
Meter
Several ProblemsExample – Smart Energy Meters: Types of attack
False Data
Injection Attack
Tampering with
the date stamp
Memory Attack
Side channel
Attack
Communication
Module Attack
The game should teach these various kinds of
attacks on a Smart Meter
Eavesdropping
Several ProblemsExample – Smart Energy Meters: Detection
Anomaly
Detection
Intrusion
Detection
Memory Access
Detection of Side
channel Attack
Data leakage
The game should teach these various kinds of
detection of attacks on a Smart Meter
Several ProblemsExample – Smart Energy Meters: Prevention
Light Weight
Encryption
Firewalls
Memory Access
Control
Randomized
power dissipation
Black/Whitelisting
The game should teach these various kinds of
prevention of attacks on a Smart Meter
Reduce PFA
Cross-layer
Several ProblemsExample – Smart Energy Meters: Security Techniques
Encryption
basedMachine
learning based
Memory based
Anomaly
detection
AI based
The game should teach these various kinds of
mathematical techniques for secure Smart Meter
How to function
despite an attack
Use data from
different layers
PCA
28
• Investigation of attack vectors Altering Time Stamp De-auth attack DoS attacks MiM Attack
Attack on Smart Meters
IoT Education
IoT System description
Type of Attacks
Attack Detection, Prevention, Mitigation
Damage AssessmentCost of AttacksWeb Based
Serious Games
Literature Our Research
Learning Analytics for Serious Games
• Relevant questions for Learning Analytics
– How much learning is really taking place?
– How do we measure it?
– How do we monitor it in real-time?
– How do we maximize it?
– Can we build an information-theoretic framework?
Several Problems
ModellingChoosing
data
Capturing
data
Aggregating
dataAnalyzing
data
Deploying
data
Learning Analytics for Serious Games
Several ProblemsModelling for Learning Analytics in SGCompetence-Based Knowledge Space Theory (CbKST)• Requires learning domains to be modelled as a prerequisite
competency structure
• Learner’s assessment is inferred by their competencies
• The learner’s actions are tracked during the gameplay
• Relies on three concepts: the precedence relation, the competence
states and the competence structure
Narrative Game-Based Learning Objects (NGLOB)• Additionally considers player type and narrative aspects
• Triple vector: Narrative Context, Gaming Context, Learning Context
Several ProblemsModelling for Learning Analytics in SG
Evidence-Centered Design (ECD)• Competency Model, Evidence Model and Action Model
Open Learner Model (OLM)• Presenting to the learner an understandable visualization of his
current knowledge state
• Proven to improve learning outcomes
Several ProblemsChoosing Data for Learning Analytics in SG
Depends on learning goals, setting, tasks, game genre,
mechanic and platform
Intensive vs. Extensive Data• Extensive Data: for Higher Quantity
• Intensive Data: for Higher Quality
Single-Player vs. Multiplayer• Multiplayer: additional social component
Generic vs. Game-Specific Traces• Generic: Identify strengths and weaknesses of learning games,
• Game-Specific: Designing games "with analytics in mind“
Several ProblemsCapturing Data for Learning Analytics in SG
Depends on data modalities and interactions
Activity logs
• Widely employed
• Records interaction data in form of log files
Multimodal Learning Analytics
• Includes biometric data and other multimodal data
• Assessing motivation, fun and collaboration
• Introduces its own challenges for aligning data
Mobile and Ubiquitous Learning Analytics
• Data of mobile learners, suitable for mobile games
• Interaction with mobile devices
• Considering contextual information
Several ProblemsAggregating Data for Learning Analytics in SG
Depends on data sources and sample size
Extensive Data Aggregation across Users• Log data joined into central database after reprocessing using session
identifiers
• Log files generated on all machines should use same data format
• Need for standardized xml formats
• Aggregation Model: using semantic rules to map game actions or
states to meaningful expressions under which similar events are grouped
Intensive Data Aggregation across Modalities• Multimodal Data Synchronization needed for observing behaviour
across MM data channels
• Some tools exist: Replayer, ChronoVis
Several ProblemsAnalyzing Data for Learning Analytics in SG
Depends on learning context and application
By instructor• This step is not done by the system but instructor intervenes according to
visualized statistics
Automatic Analysis• For intelligent tutoring systems and adaptive Serious Games
• Measures to be derived:
Gaming: In-game performance, in-game learning, in-game strategies
Learning: • Learning behaviours, learning outcomes
• In-game sources of evidence to infer competencies
• Learning sessions to update competency models
• Data Mining and Machine Learning approaches can be used for
identifying solution strategies, error patterns and player goal
Several ProblemsDeploying Results for Learning Analytics in SG
Depends on learning context and application
Visualization• visualizations of narrative structure, player model and skill tree
• graphs, Hasse Diagrams, Heat Maps
• for games, a special need for real-time operation, extensibility and
interoperability
Adaptation• macro - adaptivity: system responds by choosing the appropriate next
learning object or narrative event
• micro - adaptivity: adjusting aspects within a learning task like task
difficulty or feedback type
Several ProblemsFuture Work
Integrating Learning Analytics for analyzing
learning
Extension of SGs to Virtual Reality (VR)
games
Arigato
Gosaimas