% IMPORTANT: The following is UTF-8 encoded. This means that in the presence
% of non-ASCII characters, it will not work with BibTeX 0.99 or older.
% Instead, you should use an up-to-date BibTeX implementation like “bibtex8” or
% “biber”.
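% Doctoral dissertation record exported from the RWTH Aachen publication
% server (record 957824); the citation key is unchanged so existing
% citations keep resolving.
% Changes from the raw export:
%   - title: the single-letter brace on the first word is removed (the first
%     letter keeps its capital under sentence-casing styles anyway) and the
%     catalogue-style space before the colon is dropped.
%   - the catalogue extent statement is held in the non-standard "extent"
%     field instead of "pages", so that styles which print "pages" do not
%     render it as a page reference.
% othercontributors, reportid, extent, cin, ddc, cid and typ are repository
% metadata fields, not standard BibTeX fields.
@phdthesis{Rpke:957824,
  author            = {Röpke, René},
  othercontributors = {Schroeder, Ulrik and Lucke, Ulrike},
  title             = {Extending game-based anti-phishing education using
                       personalization: design and implementation of a framework
                       for personalized learning game content in anti-phishing
                       learning games},
  school            = {RWTH Aachen University},
  type              = {Dissertation},
  address           = {Aachen},
  publisher         = {RWTH Aachen University},
  reportid          = {RWTH-2023-04991},
  extent            = {1 Online-Ressource : Illustrationen, Diagramme},
  year              = {2023},
  note              = {Veröffentlicht auf dem Publikationsserver der RWTH Aachen
                       University; Dissertation, RWTH Aachen University, 2023},
  abstract          = {Phishing poses an imminent and wide-ranging threat to
                       Internet users worldwide, in which attackers use methods of
                       deception to lure victims into disclosing information.
                       Recent reports state high numbers of phishing incidents and,
                       so far, technical solutions fail to stop the threat
                       completely. As a complementary approach, user education
                       using anti-phishing learning games has been explored to
                       raise awareness and teach the necessary knowledge and skills
                       to detect and protect against phishing attacks. A common
                       game mechanic used in existing games requires learners to
                       classify URLs as either legitimate or phishing in a binary
                       decision scheme. Here, a problem can occur if learners do
                       not know the service of a given URL and are unable to
                       classify the URL due to a lack of reference. As such,
                       learners may revert to guessing which may weaken the
                       game’s potential for practice, since learners cannot
                       relate between correct classifications and the applied
                       knowledge. Furthermore, the possibilities for feedback are
                       limited since the binary decision mechanic does not provide
                       any insights into learners’ decision processes and
                       possible misconceptions. In this dissertation, the
                       limitations for feedback as well as the problem with
                       classifying unknown URLs in anti-phishing learning games are
                       addressed as follows: First, a review of existing learning
                       games provides insights into their design and covered
                       learning content. Its results are used in guiding the design
                       and implementation of two new game prototypes. Here, the
                       first game extends the before-mentioned binary decision
                       mechanic and requires learners to sort URLs into one of many
                       categories, depending on which manipulation technique was
                       applied to a distinct part of the URL. The second game
                       requires learners to apply different manipulation techniques
                       and create their own malicious URLs using a puzzle mechanic.
                       Next, the means of personalization for anti-phishing
                       learning games are explored and a personalization pipeline
                       is developed. By considering the learners’ familiarity
                       with different services and dynamically creating benign and
                       phishing URLs, the content of anti-phishing learning games
                       can be personalized. To evaluate the new game prototypes as
                       well as the application of the personalization pipeline, two
                       comparative user studies are conducted in a between-group
                       design with pre-, post- and longitudinal testing. In the
                       first user study with 133 participants, both games are
                       evaluated and compared to a baseline implementation. While
                       participants of the new games did not perform significantly
                       better than the control group, results show significant
                       improvements in the participants’ performance and
                       confidence between pre- and post-tests for all games, as
                       well as notable differences when classifying URLs of unknown
                       and known services. In the second user study with 49
                       participants, the personalization pipeline is integrated
                       into one of the games, in order to compare its personalized
                       and nonpersonalized version. Here, personalization enables
                       the control of service familiarity and allows insights into
                       how URLs of unknown services are handled within the game.
                       While participants of the personalized game did not
                       outperform the participants of its non-personalized version,
                       the evaluation of in-game behavior provides insights into
                       learners’ decision processes and possible problems or
                       misconceptions. Furthermore, results of a longitudinal
                       evaluation of all games and versions show that knowledge is
                       retained since the participants perform still significantly
                       better than in the pre-test. In all, this dissertation
                       presents first approaches and research results in the domain
                       of personalized anti-phishing learning games. Future work
                       may entail redesigning anti-phishing learning games to
                       incorporate further means of personalization and to
                       understand how learner characteristics can be utilized in
                       anti-phishing learning games.},
  cin               = {122420 / 120000},
  ddc               = {004},
  cid               = {$I:(DE-82)122420_20140620$ / $I:(DE-82)120000_20140620$},
  typ               = {PUB:(DE-HGF)11},
  doi               = {10.18154/RWTH-2023-04991},
  url               = {https://publications.rwth-aachen.de/record/957824},
}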