Developing and Assessing Educational Games to Enhance Cyber Security Learning in Computer Science

Cyber security education is critical to preparing Computer Science students for the increasing security challenges they will face in the future. Games have been successfully used in many areas of education, including Computer Science, to engage students in learning. Although some games are available to increase cyber security awareness among high school students, it is hard to find serious games that focus on advanced security topics for college students. The cyber security educational community needs this type of tool to keep students motivated and engaged in learning difficult security concepts. Furthermore, many of the creators of the educational games have not put sufficient emphasis on the evaluation and assessment of the games. We developed three educational games to teach cybersecurity concepts including Buffer Overflow, Access Control, LAN and ARP Spoofing. The games were developed using the Unity game engine and deployed to the WebGL format so students can play them online. None of these games require prior experience in gaming. To measure the effectiveness, we developed presurvey, post-survey, and focus group protocols. Additionally, each game module has in-game assessments which require students to complete after each level of the game. Player information and assessment data are saved on the cloud through GameSparks for further analysis. These games have been utilized many times in the classroom with positive student feedback and promising evaluation results. In this poster, we will present game design, development, and assessment results.