Macquarie University
01whole.pdf (13.07 MB)

Analysis and evaluation of cybersecurity awareness using a game-based approach

Download (13.07 MB)
posted on 2023-08-03, 06:45 authored by Hamed Saleh D Alqahtani

Advances in technology have increased our dependence on online activities in our daily routines, business transactions and communication. However, this has been accompanied by an increase in malicious cyber-attacks that exploit the vulnerabilities of both online systems and Internet users. A range of technical solutions has been proposed, but human beings remain the weakest link in cybersecurity. Yet users’ knowledge and awareness of the range of cybersecurity issues remains relatively under-researched, which limits efforts to develop methods of improving security awareness. The research described in this thesis focuses on one promising method of increasing users’ cybersecurity awareness and changing their behaviour to avoid cyber-attacks, namely, gamification. The main contributions of the work are as follows.

First, it presents a critical review of current literature in the field of cybersecurity, identifies significant gaps in knowledge of cybersecurity awareness among users and explores the potential of serious games to improve awareness.

Second, it proposes a conceptual framework based on Technology Threat Avoidance Theory (TTAT) to evaluate the effectiveness of an augmented reality (AR) game designed to improve users’ ability to avoid cybersecurity attacks. The framework integrated the TTAT factors (perceived susceptibility, perceived severity, fear, perceived effectiveness, self-efficacy and safeguard cost) with gender and general decision-making style (GDMS) as individual variables. The framework was validated using a cross-sectional survey of 128 students at Macquarie University, Australia. Experimental results indicated positive support for most of the proposed relationships between the TTAT factors and cybersecurity avoidance motivation, with the exception of safeguard cost. Decision-making style had a moderating effect on avoidance behaviour. The findings also indicated that females were slightly more likely to engage in risky online behaviour than their male counterparts. The proposed framework adds considerable predictive power to the TTAT model.

Third, it describes the development of a game, called CybAR, that uses augmented reality (AR) technology. The game’s design was based on a theoretical model that combined concepts from the Unified Theory of Acceptance and Use of Technology (UTAUT2) with two significant variables, namely, personality traits and gamification factors. The theoretical model was quantitatively validated using structural equation modelling to analyse data from 122 students of Macquarie University. Experimental results demonstrated the positive impact of performance expectancy, social influence, hedonic motivation and facilitating conditions on behavioural intention to avoid cyber-attacks. There was a significant relationship between the gamification factor and actual use of the CybAR app, confirming the potential of gaming techniques to increase cybersecurity awareness and, hence, avoid cybersecurity threats. The personality traits of contentiousness and extraversion had the most effect on use behaviour of the CybAR game.

Finally, a pre-test/post-test research design was used to evaluate the effectiveness of the CybAR game in changing cybersecurity avoidance behaviour among 108 students from Macquarie University, who completed the Risky Cybersecurity Behaviour scale (RScB). The survey data were evaluated quantitatively using Wilcoxon Signed-Rank tests and qualitatively using heuristic techniques. The results indicated that CybAR is a useful and practical method of increasing players’ understanding of cybersecurity issues and vulnerabilities.


Table of Contents

Chapter 1 Introduction -- Chapter 2 Literature Review -- Chapter 3 Analysis of Cybersecurity Knowledge and Awareness -- Chapter 4 Development of an Augmented Reality Game for Cybersecurity Awareness (CybAR) -- Chapter 5 The Impact of Technology Threat Avoidance Theory Constructs, Decision Making Style and Gender Differences on Cybersecurity Avoidance Behaviour -- Chapter 6 The Impact of Unified Theory of Acceptance and Use of Technology 2, Personality Traits and Gamification feature on User Acceptance of CybAR Game -- Chapter 7 Evaluation of Effectiveness and Usability of the Augmented Reality Game (CybAR) -- Chapter 8 Conclusion -- References -- Appendices

Awarding Institution

Macquarie University

Degree Type

Thesis PhD

Department, Centre or School

Department of Computing

Year of Award


Principal Supervisor

Manolya Kavakli-Thorne


Copyright: The Author Copyright disclaimer:




343 pages