Visible to the public Biblio

Found 1273 results

Filters: First Letter Of Title is C  [Clear All Filters]
A B [C] D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
Pham, Cuong, Tang, Dat, Chinen, Ken-ichi, Beuran, Razvan.  2016.  CyRIS: A Cyber Range Instantiation System for Facilitating Security Training. Proceedings of the Seventh Symposium on Information and Communication Technology. :251–258.

Cyber ranges are well-defined controlled virtual environments used in cybersecurity training as an efficient way for trainees to gain practical knowledge through hands-on activities. However, creating an environment that contains all the necessary features and settings, such as virtual machines, network topology and security-related content, is not an easy task, especially for a large number of participants. Therefore, we propose CyRIS (Cyber Range Instantiation System) as a solution towards this problem. CyRIS provides a mechanism to automatically prepare and manage cyber ranges for cybersecurity education and training based on specifications defined by the instructors. In this paper, we first describe the design and implementation of CyRIS, as well as its utilization. We then present an evaluation of CyRIS in terms of feature coverage compared to the Technical Guide to Information Security Testing and Assessment of the U.S National Institute of Standards and Technology, and in terms of functionality compared to other similar tools. We also discuss the execution performance of CyRIS for several representative scenarios.

Karbab, ElMouatez Billah, Debbabi, Mourad, Derhab, Abdelouahid, Mouheb, Djedjiga.  2016.  Cypider: Building Community-based Cyber-defense Infrastructure for Android Malware Detection. Proceedings of the 32Nd Annual Conference on Computer Security Applications. :348–362.

The popularity of Android OS has dramatically increased malware apps targeting this mobile OS. The daily amount of malware has overwhelmed the detection process. This fact has motivated the need for developing malware detection and family attribution solutions with the least manual intervention. In response, we propose Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building an efficient and scalable similarity network infrastructure of malicious apps. Our detection method is based on a novel concept, namely malicious community, in which we consider, for a given family, the instances that share common features. Under this concept, we assume that multiple similar Android apps with different authors are most likely to be malicious. Cypider leverages this assumption for the detection of variants of known malware families and zero-day malware. It is important to mention that Cypider does not rely on signature-based or learning-based patterns. Alternatively, it applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious and most likely malicious communities. Furthermore, we propose a novel fingerprinting technique, namely community fingerprint, based on a learning model for each malicious community. Cypider shows excellent results by detecting about 50% of the malware dataset in one detection iteration. Besides, the preliminary results of the community fingerprint are promising as we achieved 87% of the detection.

Han, Weiheng, Cai, Weiwei, Zhang, Guangjia, Yu, Weiguo, Pan, Junjun, Xiang, Longyun, Ning, Tao.  2021.  Cyclic Verification Method of Security Control System Strategy Table Based on Constraint Conditions and Whole Process Dynamic Simulation. 2021 IEEE/IAS Industrial and Commercial Power System Asia (I CPS Asia). :698—703.

The correctness of security control system strategy is very important to ensure the stability of power system. Aiming at the problem that the current security control strategy verification method is not enough to match the increasingly complex large power grid, this paper proposes a cyclic verification method of security control system strategy table based on constraints and whole process dynamic simulation. Firstly, the method is improved based on the traditional security control strategy model to make the strategy model meet certain generalization ability; And on the basis of this model, the cyclic dynamic verification of the strategy table is realized based on the constraint conditions and the whole process dynamic simulation, which not only ensures the high accuracy of strategy verification for the security control strategy of complex large power grid, but also ensures that the power system is stable and controllable. Finally, based on a certain regional power system, the optimal verification of strategy table verification experiment is realized. The experimental results show that the average processing time of the proposed method is 10.32s, and it can effectively guarantee the controllability and stability of power grid.

Matthews, I., Mace, J., Soudjani, S., Moorsel, A. van.  2020.  Cyclic Bayesian Attack Graphs: A Systematic Computational Approach. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :129–136.
Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.
Naik, Nitin, Jenkins, Paul, Savage, Nick, Yang, Longzhi.  2019.  Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors Using Fuzzy Hashing and Fuzzy C-Means Clustering. 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–6.

Threat actors are constantly seeking new attack surfaces, with ransomeware being one the most successful attack vectors that have been used for financial gain. This has been achieved through the dispersion of unlimited polymorphic samples of ransomware whilst those responsible evade detection and hide their identity. Nonetheless, every ransomware threat actor adopts some similar style or uses some common patterns in their malicious code writing, which can be significant evidence contributing to their identification. he first step in attempting to identify the source of the attack is to cluster a large number of ransomware samples based on very little or no information about the samples, accordingly, their traits and signatures can be analysed and identified. T herefore, this paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques fuzzy hashing and fuzzy c-means (FCM) clustering. Unlike other clustering techniques, FCM can directly utilise similarity scores generated by a fuzzy hashing method and cluster them into similar groups without requiring additional transformational steps to obtain distance among objects for clustering. Thus, it reduces the computational overheads by utilising fuzzy similarity scores obtained at the time of initial triaging of whether the sample is known or unknown ransomware. The performance of the proposed fuzzy method is compared against k-means clustering and the two fuzzy hashing methods SSDEEP and SDHASH which are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.

Naik, Nitin, Jenkins, Paul, Savage, Nick, Yang, Longzhi.  2019.  Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules. 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–6.

Ransomware is currently one of the most significant cyberthreats to both national infrastructure and the individual, often requiring severe treatment as an antidote. Triaging ran-somware based on its similarity with well-known ransomware samples is an imperative preliminary step in preventing a ransomware pandemic. Selecting the most appropriate triaging method can improve the precision of further static and dynamic analysis in addition to saving significant t ime a nd e ffort. Currently, the most popular and proven triaging methods are fuzzy hashing, import hashing and YARA rules, which can ascertain whether, or to what degree, two ransomware samples are similar to each other. However, the mechanisms of these three methods are quite different and their comparative assessment is difficult. Therefore, this paper presents an evaluation of these three methods for triaging the four most pertinent ransomware categories WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.

Dionísio, Nuno, Alves, Fernando, Ferreira, Pedro M., Bessani, Alysson.  2019.  Cyberthreat Detection from Twitter using Deep Neural Networks. 2019 International Joint Conference on Neural Networks (IJCNN). :1—8.

To be prepared against cyberattacks, most organizations resort to security information and event management systems to monitor their infrastructures. These systems depend on the timeliness and relevance of the latest updates, patches and threats provided by cyberthreat intelligence feeds. Open source intelligence platforms, namely social media networks such as Twitter, are capable of aggregating a vast amount of cybersecurity-related sources. To process such information streams, we require scalable and efficient tools capable of identifying and summarizing relevant information for specified assets. This paper presents the processing pipeline of a novel tool that uses deep neural networks to process cybersecurity information received from Twitter. A convolutional neural network identifies tweets containing security-related information relevant to assets in an IT infrastructure. Then, a bidirectional long short-term memory network extracts named entities from these tweets to form a security alert or to fill an indicator of compromise. The proposed pipeline achieves an average 94% true positive rate and 91% true negative rate for the classification task and an average F1-score of 92% for the named entity recognition task, across three case study infrastructures.

Koutsouris, Nikolaos, Vassilakis, Costas, Kolokotronis, Nicholas.  2021.  Cyber-Security Training Evaluation Metrics. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :192—197.
Cyber-security training has evolved into an imperative need, aiming to provide cyber-security professionals with the knowledge and skills required to confront cyber-attacks that are increasing in number and sophistication. Training activities are typically associated with evaluation means, aimed to assess the extent to which the trainee has acquired the knowledge and skills whose development is targeted by the training programme, while cyber-security awareness and skill level evaluation means may be used to support additional security-related aspects of organizations. In this paper, we review trainee performance assessment metrics in cyber-security training, aiming to assist designers of cyber-security training activities to identify the most prominent trainee performance assessment means for their training programmes, while additional research directions involving cyber-security training evaluation metrics are also identified.
Kim, Jaewon, Ko, Woo-Hyun, Kumar, P. R..  2021.  Cyber-Security through Dynamic Watermarking for 2-rotor Aerial Vehicle Flight Control Systems. 2021 International Conference on Unmanned Aircraft Systems (ICUAS). :1277–1283.
We consider the problem of security for unmanned aerial vehicle flight control systems. To provide a concrete setting, we consider the security problem in the context of a helicopter which is compromised by a malicious agent that distorts elevation measurements to the control loop. This is a particular example of the problem of the security of stochastic control systems under erroneous observation measurements caused by malicious sensors within the system. In order to secure the control system, we consider dynamic watermarking, where a private random excitation signal is superimposed onto the control input of the flight control system. An attack detector at the actuator can then check if the reported sensor measurements are appropriately correlated with the private random excitation signal. This is done via two specific statistical tests whose violation signifies an attack. We apply dynamic watermarking technique to a 2-rotor-based 3-DOF helicopter control system test-bed. We demonstrate through both simulation and experimental results the performance of the attack detector on two attack models: a stealth attack, and a random bias injection attack.
Winnefeld Jr., James A.(Sandy), Christopher Kirchhoff, David M. Upton.  2015.  Cybersecurity’s Human Factor: Lessons from the Pentagon. Harvard Business Review.

The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the U.S. military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. Today the military can detect and remedy intrusions within hours, if not minutes. From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks. Of the small number that did get through, fewer than 0.1% compromised systems in any way. Given the sophistication of the military’s cyberadversaries, that record is a significant feat.

Rodrigues, André Filipe, Monteiro, Bruno Miguel, Pedrosa, Isabel.  2021.  Cybersecurity risks : A behavioural approach through the influence of media and information literacy. 2021 16th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
The growing use of digital media has been accompanied by an increase of the risks associated with the use of information systems, notably cybersecurity risks. In turn, the increasing use of information systems has an impact on users' media and information literacy. This research aims to address the relationship between media and information literacy, and the adoption of risky cybersecurity behaviours. This approach will be carried out through the definition of a conceptual framework supported by a literature review, and a quantitative research of the relationships mentioned earlier considering a sample composed by students of a Higher Education Institution.
Fejrskov, M., Pedersen, J. M., Vasilomanolakis, E..  2020.  Cyber-security research by ISPs: A NetFlow and DNS Anonymization Policy. :1—8.

Internet Service Providers (ISPs) have an economic and operational interest in detecting malicious network activity relating to their subscribers. However, it is unclear what kind of traffic data an ISP has available for cyber-security research, and under which legal conditions it can be used. This paper gives an overview of the challenges posed by legislation and of the data sources available to a European ISP. DNS and NetFlow logs are identified as relevant data sources and the state of the art in anonymization and fingerprinting techniques is discussed. Based on legislation, data availability and privacy considerations, a practically applicable anonymization policy is presented.

Kriz, Danielle.  2011.  Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. 2011 Second Worldwide Cybersecurity Summit (WCS). :1–3.
To better inform the public cybersecurity discussion, in January 2011 the Information Technology Industry Council (ITI) developed a comprehensive set of cybersecurity principles for industry and government [1]. ITI's six principles aim to provide a useful and important lens through which any efforts to improve cybersecurity should be viewed.
Langone, M., Setola, R., Lopez, J..  2017.  Cybersecurity of Wearable Devices: An Experimental Analysis and a Vulnerability Assessment Method. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:304–309.

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

Strielkina, Anastasiia, Illiashenko, Oleg, Zhydenko, Marina, Uzun, Dmytro.  2018.  Cybersecurity of healthcare IoT-based systems: Regulation and case-oriented assessment. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT). :67–73.
The paper deals with exponentially growing technology - Internet of Things (IoT) in the field of healthcare. It is spoken about the networked healthcare and medical architecture. The attention is given to the analysis of the international regulations on medical and healthcare cybersecurity. For building a trustworthy healthcare IoT solution, a developed normative hierarchical model of the international cybersecurity standards is provided. For cybersecurity assessment of such systems the case-oriented technique, which includes Advanced Security Assurance Case (ASAC) and an example on a wireless insulin pump of its application are provided.
Hellman, Martin E..  2016.  Cybersecurity, Nuclear Security, Alan Turing, and Illogical Logic. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1–2.

My work that is being recognized by the 2015 ACM A. M. Turing Award is in cybersecurity, while my primary interest for the last thirty-five years is concerned with reducing the risk that nuclear deterrence will fail and destroy civilization. This Turing Lecture draws connections between those seemingly disparate areas as well as Alan Turing's elegant proof that the computable real numbers, while denumerable, are not effectively denumerable.

Stafford, Tom.  2017.  On Cybersecurity Loafing and Cybercomplacency. SIGMIS Database. 48:8–10.
As we begin to publish more articles in the area of cybersecurity, a case in point being the fine set of security papers presented in this particular issue as well as the upcoming special issue on Advances in Behavioral Cybersecurity Research which is currently in the review phase, it comes to mind that there is an emerging rubric of interest to the research community involved in security. That rubric concerns itself with the increasingly odd and inexplicable degree of comfort that computer users appear to have while operating in an increasingly threat-rich online environment. In my own work, I have noticed over time that users are blissfully unconcerned about malware threats (Poston et al., 2005; Stafford, 2005; Stafford and Poston, 2010; Stafford and Urbaczewski, 2004). This often takes the avenue of "it can't happen to me," or, "that's just not likely," but the fact is, since I first started noticing this odd nonchalance it seems like it is only getting worse, generally speaking. Mind you, a computer user who has been exploited and suffered harm from it will be vigilant to the end of his or her days, but for those who have scraped by, "no worries," is the order of the day, it seems to me. This is problematic because the exploits that are abroad in the online world these days are a whole order of magnitude more harmful than those that were around when I first started studying the matter a decade ago. I would not have commented on the matter, having long since chalked it up to the oddities of civilian computing, so to speak, but an odd pattern I encountered when engaging in a research study with trained corporate users brought the matter back to the fore recently. I have been collecting neurocogntive data on user response to security threats, and while my primary interest was to see if skin conductance or pupillary dilation varied during exposure to computer threat scenarios, I noticed an odd pattern that commanded my attention and actually derailed my study for a while as I dug in to examine it.
Lau, Pikkin, Wei, Wei, Wang, Lingfeng, Liu, Zhaoxi, Ten, Chee-Wooi.  2020.  A Cybersecurity Insurance Model for Power System Reliability Considering Optimal Defense Resource Allocation. IEEE Transactions on Smart Grid. 11:4403–4414.
With the increasing application of Information and Communication Technologies (ICTs), cyberattacks have become more prevalent against Cyber-Physical Systems (CPSs) such as the modern power grids. Various methods have been proposed to model the cybersecurity threats, but so far limited studies have been focused on the defensive strategies subject to the limited security budget. In this paper, the power supply reliability is evaluated considering the strategic allocation of defense resources. Specifically, the optimal mixed strategies are formulated by the Stackelberg Security Game (SSG) to allocate the defense resources on multiple targets subject to cyberattacks. The cyberattacks against the intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) system are mathematically modeled by Semi-Markov Process (SMP) kernel. The intrusion tolerance capability of the SCADA system provides buffered residence time before the substation failure to enhance the network robustness against cyberattacks. Case studies of the cyberattack scenarios are carried out to demonstrate the intrusion tolerance capability. Depending on the defense resource allocation scheme, the intrusion-tolerant SCADA system possesses varying degrees of self-healing capability to restore to the good state and prevent the substations from failure. If more defense resources are invested on the substations, the intrusion tolerant capability can be further enhanced for protecting the substations. Finally, the actuarial insurance principle is designed to estimate transmission companies' individual premiums considering correlated cybersecurity risks. The proposed insurance premium principle is designed to provide incentive for investments on enhancing the intrusion tolerance capability, which is verified by the results of case studies.
Chatfield, A. T., Reddick, C. G..  2017.  Cybersecurity Innovation in Government: A Case Study of U.S. Pentagon's Vulnerability Reward Program. Proceedings of the 18th Annual International Conference on Digital Government Research. :64–73.
The U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo have adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. This paper examines the Pentagon's VRP and examines how it may fit with the national cybersecurity policy and the need for new and enhanced cybersecurity capability development. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture.
Kaneko, Tomoko, Yoshioka, Nobukazu, Sasaki, Ryoichi.  2021.  Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST). 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :806–815.
STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.
AlMedires, Motaz, AlMaiah, Mohammed.  2021.  Cybersecurity in Industrial Control System (ICS). 2021 International Conference on Information Technology (ICIT). :640–647.
The paper gives an overview of the ICS security and focuses on Control Systems. Use of internet had security challenges which led to the development of ICS which is designed to be dependable and safe. PCS, DCS and SCADA all are subsets of ICS. The paper gives a description of the developments in the ICS security and covers the most interesting work done by researchers. The paper also provides research information about the parameters on which a remotely executed cyber-attack depends.
Bertino, E., Hartman, N. W..  2015.  Cybersecurity for product lifecycle management a research roadmap. 2015 IEEE International Conference on Intelligence and Security Informatics (ISI). :114–119.

This paper introduces a research agenda focusing on cybersecurity in the context of product lifecycle management. The paper discusses research directions on critical protection techniques, including protection techniques from insider threat, access control systems, secure supply chains and remote 3D printing, compliance techniques, and secure collaboration techniques. The paper then presents an overview of DBSAFE, a system for protecting data from insider threat.

Schwab, Stephen, Kline, Erik.  2019.  Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :94–102.
Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.
Ahmadian, Saeed, Ebrahimi, Saba, Malki, Heidar.  2021.  Cyber-Security Enhancement of Smart Grid's Substation Using Object's Distance Estimation in Surveillance Cameras. 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC). :0631–0636.
Cyber-attacks toward cyber-physical systems are one of the main concerns of smart grid's operators. However, many of these cyber-attacks, are toward unmanned substations where the cyber-attackers needs to be close enough to substation to malfunction protection and control systems in substations, using Electromagnetic signals. Therefore, in this paper, a new threat detection algorithm is proposed to prevent possible cyber-attacks toward unmanned substations. Using surveillance camera's streams and based on You Only Look Once (YOLO) V3, suspicious objects in the image are detected. Then, using Intersection over Union (IOU) and Generalized Intersection Over Union (GIOU), threat distance is estimated. Finally, the estimated threats are categorized into three categories using color codes red, orange and green. The deep network used for detection consists of 106 convolutional layers and three output prediction with different resolutions for different distances. The pre-trained network is transferred from Darknet-53 weights trained on 80 classes.
Thomas, L. J., Balders, M., Countney, Z., Zhong, C., Yao, J., Xu, C..  2019.  Cybersecurity Education: From Beginners to Advanced Players in Cybersecurity Competitions. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :149—151.

Cybersecurity competitions have been shown to be an effective approach for promoting student engagement through active learning in cybersecurity. Players can gain hands-on experience in puzzle-based or capture-the-flag type tasks that promote learning. However, novice players with limited prior knowledge in cybersecurity usually found difficult to have a clue to solve a problem and get frustrated at the early stage. To enhance student engagement, it is important to study the experiences of novices to better understand their learning needs. To achieve this goal, we conducted a 4-month longitudinal case study which involves 11 undergraduate students participating in a college-level cybersecurity competition, National Cyber League (NCL) competition. The competition includes two individual games and one team game. Questionnaires and in-person interviews were conducted before and after each game to collect the players' feedback on their experience, learning challenges and needs, and information about their motivation, interests and confidence level. The collected data demonstrate that the primary concern going into these competitions stemmed from a lack of knowledge regarding cybersecurity concepts and tools. Players' interests and confidence can be increased by going through systematic training.