Adaptive security awareness training using linked open data datasets

Cybersecurity is no longer an issue discussed only between the professionals or technologists, but it is also closely related to ordinary people whose daily life is exposed to kinds of cyberattacks. And Womabat Security Technologies conducted a survey revealed that ransomware is an unknown concept to nearly two-thirds of employees. In practical, almost 95% of cybersecurity attacks are due to human error. At fact, expensive and sophisticated systems cannot work effectively without considering the human factor, while human factor is the major vulnerability in cybersecurity. Thus, it has great significance to give people cybersecurity awareness training. In this paper, we present a system, named ASURA, providing adaptive training aimed at improving cybersecurity awareness of people. Three issues can’t be neglected in adaptive cybersecurity awareness training, as follows. Firstly, we need to decide the proper training contents from the huge training materials. Secondly, the training contents should be timely updated, as cyber attacks constantly changing. At last, we should conduct training through effective and acceptable approach. We solved above three issues in this paper, and the innovative idea of this paper is constructing hierarchical concept map from the LOD database DBpedia. Then, we employ a series of processing on hierarchical concept map, including PageRank algorithm used to calculate the importance of each concept node, and filtering used to filtered out undefined and unrelated concepts. In particular, we get training contents from DBpedia dynamically and timely updated, so that training contents is keeping up to date. ASURA delivered training contents completely online, thus significant trimmed budget and allowed learners accessing training outside of a traditional classroom. Moreover, ASURA provide adaptive training targeted to individual learner, as it generate training contents based on the keyword from the learner.

[1]  E. Prud hommeaux,et al.  SPARQL query language for RDF , 2011 .

[2]  Jemal H. Abawajy,et al.  User preference of cyber security awareness delivery methods , 2014, Behav. Inf. Technol..

[3]  Albert L. Harris,et al.  The impact of information richness on information security awareness training effectiveness , 2009, Comput. Educ..

[4]  Yasuo Tan,et al.  Supporting cybersecurity education and training via LMS integration: CyLMS , 2019, Education and Information Technologies.

[5]  Sergey Brin,et al.  The Anatomy of a Large-Scale Hypertextual Web Search Engine , 1998, Comput. Networks.

[6]  Jens Lehmann,et al.  DBpedia - A large-scale, multilingual knowledge base extracted from Wikipedia , 2015, Semantic Web.

[7]  D. Nicol E‐assessment by design: using multiple‐choice tests to good effect , 2007 .

[8]  Christian Bizer,et al.  DBpedia: A Multilingual Cross-domain Knowledge Base , 2012, LREC.

[9]  Eric Miller,et al.  An Introduction to the Resource Description Framework , 1998, D Lib Mag..

[10]  Jacqueline Bourdeau,et al.  Advances in Intelligent Tutoring Systems , 2010 .

[11]  Shamal Faily,et al.  Persona-centred information security awareness , 2017, Comput. Secur..

[12]  Xin-She Yang,et al.  Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.

[13]  Jason R. C. Nurse,et al.  Cyber Security Awareness Campaigns: Why do they fail to change behaviour? , 2014, ArXiv.

[14]  Jaap M. J. Murre,et al.  Replication and Analysis of Ebbinghaus’ Forgetting Curve , 2015, PloS one.

[15]  Jens Lehmann,et al.  DBpedia: A Nucleus for a Web of Open Data , 2007, ISWC/ASWC.

[16]  Tim Berners-Lee,et al.  Linked Data - The Story So Far , 2009, Int. J. Semantic Web Inf. Syst..

[17]  Jens Lehmann,et al.  DBpedia - A crystallization point for the Web of Data , 2009, J. Web Semant..

[18]  Taher H. Haveliwala Topic-Sensitive PageRank: A Context-Sensitive Ranking Algorithm for Web Search , 2003, IEEE Trans. Knowl. Data Eng..

[19]  Charles R. Kelley,et al.  What is Adaptive Training?1 , 1969 .

[20]  Navneet Kaur,et al.  Analysis of the Depth First Search Algorithms , 2012 .

[21]  Loc Nguyen,et al.  Learner Model in Adaptive Learning , 2008 .

[22]  F. Aloul The Need for Effective Information Security Awareness , 2011 .