Enhancing Cybersecurity Learning with In-Game Feedback

Abstract

This paper presents the development and evaluation of The XSS Game (TXG), an enhanced multi-opposing-role-playing educational game designed to teach Cross-Site Scripting (XSS) attacks to second-year undergraduate computer science students. TXG enables players to assume three distinct roles: Attacker, Defender (Developer), and User, each offering unique perspectives on cybersecurity challenges. Building upon feedback from the evaluation of TXG Version 1, this study focuses on incorporating various types of in-game feedback (affirming, reflective, explanatory, and personalised) and introducing a player statboard to enhance student engagement, motivation, and knowledge retention. TXG Version 2 incorporates a variety of feedback types aimed at reinforcing learning and promoting self-reflection. Confirmatory feedback helps players quickly assess the correctness of their answers, while explanatory feedback provides in-depth reasoning to enhance understanding. Affirming feedback is used to motivate players, particularly when they succeed in completing roles, and personalised feedback offers tailored guidance based on players' individual progress. The player statboard is introduced as a central feature, displaying player achievements, skills, and progression throughout the game, offering real-time feedback to sustain engagement and foster continued learning. Expert evaluations of TXG Version 2 indicated that the diverse feedback mechanisms, especially personalised feedback and the statboard, were effective in promoting learner engagement and self-reflection. However, the evaluations also identified areas for improvement, particularly regarding the clarity and readability of the feedback and statboard, while suggesting potential UI/UX enhancements. The study posits that with the suggested improvements, TXG Version 2 offers significant potential for improving cybersecurity education through a dynamic, engaging, and interactive gameplay experience. This study contributes to existing research on game-based learning by showcasing how game mechanics such as multi-opposing roles, simulations, in-game feedback and player statboards, can be integrated to enhance the learning of complex cybersecurity concepts. Furthermore, it provides a development framework for creating educational games in cybersecurity and beyond, demonstrating the effectiveness of a flexible, interactive, and immersive approach to teaching critical security concepts.