Ontology-based Modelling for Cyber Security E-Learning and Training

Menelaos N. Katsantonis, Ioannis Mavridis

The Conceptual Framework for e-Learning and Training (COFELET) constitutes a design standard for the enhancement of cyber security education by guiding the development of effective game-based approaches (e.g., serious games). The COFELET framework envisages cyber security serious games as highly organized and parameterized learning environments which monitor learner’s actions, evaluate their efforts and adapt to their needs. To this end, the COFELET framework employs well known cyber security standards (e.g., MITRE’s CAPEC, Lockheed Martin’s Cyber Kill Chain model or CKC) as a vehicle for organizing educational environments which model learners’ actions and strategies. In this light, the COFELET ontology is proposed aiming at providing a foundation for the development of a universal knowledge base for modeling such environments. The COFELET ontology provides an analytical description of the key elements of COFELET’s compliant serious games along with the appropriate classes and their properties. These elements include the cyber security domain elements that model the actions attackers perform to unleash cyber security attacks (i.e., the tasks) and the strategies they employ to achieve their malicious objectives (e.g., CAPEC’s attack patterns, the CKC model). The cyber security domain elements are associated with the educational elements (e.g., hints, utilized knowledge, exercised skills) that provide the means to infuse the didactics in the COFELET compliant approaches. A set of instances is presented to provide a better appreciation of the COFELET ontology rational, usage and usefulness. The proposed ontology is a cause and effect of the design and development process of a prototype COFELET compliant game.