This week, I worked on our SIGITE research paper, formed graphics to represent data collected from our current game, read 3 new articles on DDoS attacks and defense, and reviewed the mechanics of our current game to see what needed to be improved. I began the week by creating the structure for our SIGITE research paper for SIGITE 2017: 18th Annual Conference on IT Education. First, I spent a few hours reviewing other SIGITE published research papers to understand the general format necessary. Two of the papers I reviewed are as follows:

After reading through these papers, I began putting together the format for our research paper. I wrote the abstract to summarize what is currently being done in our field regarding our topic, our approach to the topic through game creation, our purpose for creating it, the overall goal we intended for this to meet, and whether results were derived from our work. My partner played a significant role in detailing the specifics of creating the game (getting assets, programming actions, etc.) while I added in game mechanic choices and UI/UX aesthetic. Furthermore, we also looked over the data we collected so far through player experience. The most important decision to be made was deciding what data was relevant to the goal we intended to reach. Overall, it was decided that player attempts per person, player scores per person, overall improvement, and pass attempts were our most relevant data to analyze.

The following is an example of an excel spreadsheet containing the data described above:

We also made a bar and pie chart representation of this data:

This data was used as the central support for the effectiveness of our research at this stage. Overall, the data suggest that our game has been a useful tool in teaching individuals with little to no prior experience with phishing or cyber security concepts about these subjects.

I also spent time researching and reading more about DDoS for our upcoming game. One of the articles that I read, "Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services", described using DDoS as a tool to extort, harass and intimidate businesses and people by taking them offline. For large businesses, being offline even for a few minutes can be very damaging to the overall infastructure. This helped me gain a clearer view on how this attack can not only be used as a nuisance for individuals and corporations, but also as a threat to gain leverage over others. This is a mechanic I will highly considering making a part of our next game.

Lastly, I went back to look through the code of our current game to see what features could be improved or implemented to increase the success of using it as a teaching tool. One idea I had was to add in a comparison to other information people are already familiar with. One thought was comparing phishing to buying a car that looks great but has no actual parts that a car should have. This would further help people understand the idea of deception when dealing with phish. I also began putting together other phishing facts to expand the current pool of tips and questions in our game. Additionally, our research professor also described to us the need for a timer to see how long players spend on the question portion of our game. For know, the problem I face is creating a timer that either runs from the moment the first question appears to the last, or a timer that runs for each individual question. With each individual question, we would have the ability to look into the log to know exactly what question gave players the most difficulty.