research-article

Malicious User Experience Design Research for Cybersecurity

Authors:

Adam Trowbridge,

Filipo Sharevski,

Jessica WestbrookAuthors Info & Claims

NSPW '18: Proceedings of the New Security Paradigms Workshop

Pages 123 - 130

https://doi.org/10.1145/3285002.3285010

Published: 28 August 2018 Publication History

Abstract

This paper explores the factors and theory behind the user-centered research necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approach.

References

[1]

Mohammed H Almeshekah and Eugene H Spafford. 2014. Planning and Integrating Deception into Computer Security Defenses. In Proceedings of the 2014 New Security Paradigms Workshop. ACM, Victoria, BC, Canada, 127--138.

Digital Library

[2]

Gustavo Andrade, Geber Ramalho, AS Gomes, and Vincent Corruble. 2006. Dynamic Game Balancing: An Evaluation of User Satisfaction. In Second Artificial Intelligence and Interactive Digital Entertainment Conference. AAAI, Marina del Rey, CA, 3--8. http://www.aaai.org/Papers/AIIDE/2006/AIIDE06-005.pdf

Digital Library

[3]

Michael Bachmann. 2010. The Risk Propensity and Rationality of Computer Hackers. International Journal of Cyber Criminology 4, 1&2 (2010), 643--656. http://www.cybercrimejournal.com

[4]

Nathan Backman. 2016. Facilitating a Battle Between Hackers: Computer Security Outside of the Classroom. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education. ACM, Memphis, TN, 603--608.

Digital Library

[5]

Bob Blakely. 2015. Cloud Identity Summit - Keynote Speech. www.youtube.com/watch?v=ApKCZ-f1wbA

[6]

Peter Chapman, Jonathan Burket, and David Brumley. 2014. PicoCTF: A Game-Based Computer Security Competition for High School Students. In 2014 USENIX Summit on Gaming, Games, and Gamfication in Security Education. USENIX, San Diego, CA, 1--10.

[7]

Georgios Christou. 2014. The Interplay Between Immersion and Appeal in Video Games. Computers in Human Behaviour 32, March 2014 (2014), 92--100.

[8]

Roland Dela Paz. 2011. The Market for Vulnerabilities: How Hackers Profit. https://blog.trendmicro.com/trendlabs-security-intelligence/the-market-for-vulnerabilities-how-hackers-profit/

[9]

Arne Dietrich. 2004. Neurocognitive Mechanisms Underlying the Experience of Flow. Consciousness and Cognition 13, 4 (2004), 746--761.

[10]

Benoît Dupont, Anne-Marie Côté, Claire Savine, and David Décary-Hétu. 2016. The Ecology of Trust Among Hackers. Global Crime 17, 2 (2016), 129--151.

[11]

Melissa S. Emond and Harvey H.C. Marmurek. 2010. Gambling Related Cognitions Mediate the Association Between Thinking Style and Problem Gambling Severity. Journal of Gambling Studies 26, 2 (2010), 257--267.

[12]

Damiano Felini. 2015. Beyond Today's Video Game Rating Systems: A Critical Approach to PEGI and ESRB, and Proposed Improvements. Games and Culture 10, 1 (2015), 106--122.

[13]

Robbie Gallagher. 2016. Where Do the Phishers Live? Collecting Phishers' Geographic Locations from Automated Honeypots. https://archive.org/details/Where_Do_The_Phishers_Live

[14]

N. Goltz. 2011. ESRB Warning: Use of Virtual Worlds by Children May Result in Addiction and Blurring of Borders âĂŞ The Advisable Regulations in Light of Foreseeable Damages. Pittsburgh Journal of Technology Law and Policy 11, 2 (2011), 1--62.

[15]

J Grudin and J M Carroll. 2017. From Tool to Partner: The Evolution of Human-Computer Interaction (1st ed.). Morgan & Claypool Publishers, New York, NY. 183 pages. https://books.google.com/books?id=Wc3hDQAAQBAJ

Digital Library

[16]

Anand Gupta, S K Gupta, Isha Manu Ganesh, Pankhuri Gupta, Vikram Goyal, and Sangeeta Sabharwal. 2010. Opaqueness Characteristic of a Context Honeypot System. Inf. Sec. J.: A Global Perspective 19, 3 (jan 2010), 142--152.

Digital Library

[17]

S. K. Gupta, Renu G.S. Damor, Anand Gupta, and Vikram Goyal. 2007. Luring: A framework to Induce a Suspected User into Context Honeypot. In 2nd International Annual Workshop on Digital Forensics and Incident Analysis, WDFIA 2007. IEEE Computer Society, Samos, Greece, 55--64.

Digital Library

[18]

S. K. Gupta, Anand Gupta, Renu Damor, Vikram Goyal, and Sangeeta Sabharwal. 2008. Context Honeypot: A Framework for Anticipatory Privacy Violation. In 1st International Conference on Emerging Trends in Engineering and Technology, ICETET 2008. ICETET, Nagpur, Maharashtra, India, 813--818.

Digital Library

[19]

Tiffany Hsu. 2018. Video Game Addiction Tries to Move From Basement to Doctor's Office. https://www.nytimes.com/2018/06/17/business/video-game-addiction.html

[20]

Damien C. Hull, Glenn A. Williams, and Mark D. Griffiths. 2013. Video Game Characteristics, Happiness and Flow as Predictors of Addiction Among Video Game Players: A Pilot Study. Journal of Behavioral Addictions 2, 3 (2013), 145--152.

[21]

Daria Joanna Kuss and Mark D. Griffiths. 2012. Internet Gaming Addiction: A Systematic Review of Empirical Research. International Journal of Mental Health and Addiction 10, 2 (2012), 278--296.

[22]

Jeroen S. Lemmens, Patti M. Valkenburg, and Jochen Peter. 2009. Development and Validation of a Game Addiction Scale for Adolescents. Media Psychology 12, 1 (2009), 77--95.

[23]

Renushka Madarie. 2017. Hackers' Motivations: Testing Schwartz's Theory of Motivational Types of Values in a Sample of Hackers. International Journal of Cyber Criminology 11, 1 (2017), 78--97.

[24]

Matt Malpass. 2015. Between Wit and Reason: Defining Associative, Speculative, and Critical Design in Practice. The Journal of the Design Studies Forum 7075, December (2015), 333--356.

[25]

Lennart Nacke and Anders Drachen. 2011. Towards a Framework of Player Experience Research. In Proceedings of the Second International Workshop on Evaluating Player Experience in Games at FDG 2011, Bordeaux, France. ACM, Hyannis, MA, 1--6.

[26]

Jeanne Nakamura and Mihaly Csikszentmihalyi. 2014. The Concept of Flow. In Flow and the foundations of positive psychology (1st ed.). Springer, Amsterdam, Netherlands, Chapter 16, 239--263.

[27]

Murat Odemis, Cagatay Yucel, Ahmet Koltuksuz, and Gokhan Ozbilgin. 2018. Suggesting a Honeypot Design to Capture Hacker Psychology, Personality and Sophistication. In 13th International Conference on Cyber Warfare and Security. Academic Conferences, Washington, DC, 432--438.

[28]

Karen Renaud and Merrill Warkentin. 2017. Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact. In Proceedings of the 2017 New Security Paradigms Workshop. ACM, Santa Cruz, CA, 57--69.

Digital Library

[29]

Lara Rennie and Malcolm Shore. 2007. An Advanced Model of Hacking. Security Journal 20, 4 (2007), 236--251.

[30]

Irwin Reyes, Primal Wiesekera, Abbas Razaghpanah, Joel Reardon, Narseo Vallina-Rodriguez, Serge Egelman, and Christian Kreibich. 2017. "Is Our Children's Apps Learning?" Automatically Detecting COPPA Violations. In Workshop on Technology and Consumer Protection (ConPro 2017). ACM, San Jose, CA, 1--7.

[31]

Dan Saffer. 2006. Designing for Interaction: Creating Smart Applications and Clever Devices (VOICES). Peachpit Press, Berkeley, CA, USA.

Digital Library

[32]

Speedruns Live. 2018. Speedrunning. http://www.speedrunslive.com/faq/

[33]

K. F. Steinmetz. 2014. A Badge of Honor and a Scarlet Letter: An Ethnographic Study of Hacker Culture (1st ed.). Sam Houston State University, Huntsville, TX. 502 pages.

[34]

Penelope Sweetser and Peta Wyeth. 2005. GameFlow: A Model for Evaluating Player Enjoyment in Games. Computers in Entertainment (CIE) 3, 3 (2005), 1--24.

Digital Library

[35]

Orly Turgeman-Goldschmidt. 2005. Hackers' Accounts: Hacking as a Social Entertainment. Social Science Computer Review 23, 1 (2005), 8--23.

Digital Library

[36]

Zhengchuan Xu, Qing Hu, and Chenghong Zhang. 2013. Why Computer Talents Become Computer Hackers. Commun. ACM 56, 4 (2013), 64. arXiv:arXiv:1011.1669v3

Digital Library

[37]

Randall Young, Lixuan Zhang, and Victor R. Prybutok. 2007. Hacking into the Minds of Hackers. Information Systems Management 24, 4 (2007), 281--287.

Digital Library

Cited By

Mathis FVaniea KKhamis M(2021)Prototyping Usable Privacy and Security Systems: Insights from ExpertsInternational Journal of Human–Computer Interaction10.1080/10447318.2021.1949134(1-23)Online publication date: 5-Aug-2021
https://doi.org/10.1080/10447318.2021.1949134
Sweetser P(2020)GameFlow 2020: 15 Years of a Model of Player EnjoymentProceedings of the 32nd Australian Conference on Human-Computer Interaction10.1145/3441000.3441048(705-711)Online publication date: 2-Dec-2020
https://dl.acm.org/doi/10.1145/3441000.3441048

Index Terms

Malicious User Experience Design Research for Cybersecurity
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI theory, concepts and models
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

User Experience Design and Research in Games
CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems

This online course trains how user experience (UX) methods are used in a game context. The course consists of three units: UX design for games, games user research, and game analytics. The course material comes from the "Games User Research" book ...
Research on the Quantization of User Experience of Spectator Mode in Moba Games
HCI in Games: Experience Design and Game Mechanics
Abstract
In recent years, the MOBA games have been very popular all over the world, and more and more people have watched the MOBA games through the spectator mode in the game. However, compared with ordinary players participating in the game themselves, ...
User Experience Research and Design in Video Games
CHI EA '24: Extended Abstracts of the 2024 CHI Conference on Human Factors in Computing Systems
The goal of this online course is to teach participants how to use user experience (UX) methods in game design. There are three separate parts to the course plan: UX design for games, games user study, and game analytics. The course materials come from ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

NSPW '18: Proceedings of the New Security Paradigms Workshop

August 2018

139 pages

ISBN:9781450365970

DOI:10.1145/3285002

Co-chair:
Marco Carvalho
Florida Institute of Technology
,
General Chair:
Matt Bishop
University of California, Davis
,
Program Chairs:
Anil Somayaji
Carleton University
,
Wolter Pieters
Delft University of Technology
,
Publications Chair:
Mohammad Mannan
Concordia University

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 August 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

NSPW '18

NSPW '18: New Security Paradigms Workshop

August 28 - 31, 2018

Windsor, United Kingdom

Acceptance Rates

NSPW '18 Paper Acceptance Rate 11 of 31 submissions, 35%;

Overall Acceptance Rate 62 of 170 submissions, 36%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
293
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mathis FVaniea KKhamis M(2021)Prototyping Usable Privacy and Security Systems: Insights from ExpertsInternational Journal of Human–Computer Interaction10.1080/10447318.2021.1949134(1-23)Online publication date: 5-Aug-2021
https://doi.org/10.1080/10447318.2021.1949134
Sweetser P(2020)GameFlow 2020: 15 Years of a Model of Player EnjoymentProceedings of the 32nd Australian Conference on Human-Computer Interaction10.1145/3441000.3441048(705-711)Online publication date: 2-Dec-2020
https://dl.acm.org/doi/10.1145/3441000.3441048

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents