Improving Cyber Security Education through Gamification in Sri Lanka

Abstract

Many existing cyber security education platforms are focused on providing a comprehensive set of training materials, but they often lack the engagement and motivation needed to effectively learn. The major issue is the lack of engagement and motivation in traditional cyber security education and available platforms lack interactive and immersive learning experiences and fail to build the necessary mindset and skills for the industry. The design based research approach involved a literature review, followed by prototyping, usability testing and refinement of the application. The application was designed to be engaging and effective, using gamified elements and methods, such as capture-the-flag (CTF) competitions. This used HTML, CSS, Javascript and REACT.Js framework with Firebase for the application development and the web application is designed to grant entry only to registered users and contains tasks related to four different topics related to web security: Cross Site Scripting, Cryptography, Open-Source Intelligence, and SQL injection. Further, this application includes three subsections: learning resources, guidelines, and leaderboard. The REACT.Js component makes an API call to the Firestore database to retrieve the scores and time taken to solve the tasks by each player. Further, the enthusiastic behavior of the undergraduates is evaluated under four independent variables with 97 of the sample. The application uses gamification to make cybersecurity training engaging, interactive and effective. It demonstrates the importance of building a strong cybersecurity mindset along with technical knowledge, improving user retention and understanding. By offering a comprehensive and enjoyable learning experience, the application aims to raise awareness and encourage active participation in the field of cyber security