{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T08:42:54Z","timestamp":1774946574085,"version":"3.50.1"},"reference-count":48,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2020,2,21]],"date-time":"2020-02-21T00:00:00Z","timestamp":1582243200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The number of damaging cyberattacks is increasing exponentially due in part to lack of user awareness of risky online practices, such as visiting unsafe websites, ignoring warning messages, and communicating with unauthenticated entities. Although research has established the role that game-based learning can play in cognitive development and conceptual learning, relatively few serious mobile games have been developed to educate users about different forms of cyberattack and ways of avoiding them. This paper reports the development of an effective augmented reality (AR) game designed to increase cybersecurity awareness and knowledge in an active and entertaining way. The Cybersecurity Awareness using Augmented Reality (CybAR) game is an AR mobile application that teaches not only cybersecurity concepts, but also demonstrates the consequences of actual cybersecurity attacks through feedback. The design and evaluation of the application are described in detail. A survey was conducted to verify the effectiveness of the game received positive responses from 91 participants. The results indicate that CybAR is useful for players to develop an understanding of cybersecurity attacks and vulnerabilities.<\/jats:p>","DOI":"10.3390\/info11020121","type":"journal-article","created":{"date-parts":[[2020,2,21]],"date-time":"2020-02-21T10:49:16Z","timestamp":1582282156000},"page":"121","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":63,"title":["Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR)"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6427-7768","authenticated-orcid":false,"given":"Hamed","family":"Alqahtani","sequence":"first","affiliation":[{"name":"Department of Computing, Macquarie University, Sydney 2113, Australia"}]},{"given":"Manolya","family":"Kavakli-Thorne","sequence":"additional","affiliation":[{"name":"Department of Computing, Macquarie University, Sydney 2113, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Moallem, A. (2019). Cybersecurity Awareness Among Students and Faculty, CRC Press.","DOI":"10.1201\/9780429031908"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.D., and Hearst, M. (2006). Why phishing works. Proceedings of the SIGCHI conference on Human Factors in Computing Systems, ACM.","DOI":"10.1145\/1124772.1124861"},{"key":"ref_3","unstructured":"Hui, C.P. (2007). How to study home users. TKK T-110.5190, Seminar on Internetworking, Citeseer."},{"key":"ref_4","unstructured":"Ciampa, M. (2013). Security Awareness: Applying Practical Security in Your World, Cengage Learning."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Howard, D., and Prince, K. (2010). Security 2020: Reduce Security Risks This Decade, Wiley Publishing.","DOI":"10.1002\/9781118255803"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1650007","DOI":"10.1142\/S0219649216500076","article-title":"A study of cyber security awareness in educational environment in the middle east","volume":"15","year":"2016","journal-title":"J. Inf. Knowl. Manag."},{"key":"ref_7","first-page":"660","article-title":"A review of using gaming technology for cyber-security awareness","volume":"6","author":"Alotaibi","year":"2016","journal-title":"Int. J. Inf. Secur. Res. (IJISR)"},{"key":"ref_8","unstructured":"Conway, D., Taib, R., Harris, M., Yu, K., Berkovsky, S., and Chen, F. (2017, January 12\u201314). A qualitative investigation of bank employee experiences of information security and phishing. Proceedings of the Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017), Santa Clara, CA, USA."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/1754393.1754396","article-title":"Teaching Johnny not to fall for phish","volume":"10","author":"Kumaraguru","year":"2010","journal-title":"ACM Trans. Internet Technol. (TOIT)"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1080\/13676261.2015.1048200","article-title":"Video gaming in adolescence: factors associated with leisure time use","volume":"19","author":"Brooks","year":"2016","journal-title":"J. Youth Stud."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"661","DOI":"10.1016\/j.compedu.2012.03.004","article-title":"A systematic literature review of empirical evidence on computer games and serious games","volume":"59","author":"Connolly","year":"2012","journal-title":"Comput. Educ."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Shumaker, R. (2011). Virtual and Mixed Reality-Systems and Applications: International Conference, Virtual and Mixed Reality 2011, Held as Part of HCI International 2011, Orlando, FL, USA, 9\u201314 July 2011, Proceedings, Springer.","DOI":"10.1007\/978-3-642-22024-1"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1704","DOI":"10.1001\/jama.2011.408","article-title":"Interactive games to promote behavior change in prevention and treatment","volume":"305","author":"Read","year":"2011","journal-title":"JAMA"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1085","DOI":"10.1007\/s00371-009-0387-4","article-title":"Optimising engagement for stroke rehabilitation using serious games","volume":"25","author":"Burke","year":"2009","journal-title":"Vis. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Deterding, S., Dixon, D., Khaled, R., and Nacke, L. (2011). From game design elements to gamefulness: Defining gamification. Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments, ACM.","DOI":"10.1145\/2181037.2181040"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Wen, Z.A., Lin, Z., Chen, R., and Andersen, E. (2019). What. Hack: Engaging Anti-Phishing Training through a Role-playing Phishing Simulation Game. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, ACM.","DOI":"10.1145\/3290605.3300338"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alqahtani, H., and Kavakli, M. (2017). iMAP-CampUS (an Intelligent Mobile Augmented Reality Program on Campus as a Ubiquitous System): A Theoretical Framework to Measure User\u2019s Behavioural Intention. Proceedings of the 9th International Conference on Computer and Automation Engineering, ACM.","DOI":"10.1145\/3057039.3057086"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Alqahtani, H., and Kavakli, M. (2017). iMAP-CampUS: Developing an Intelligent Mobile Augmented Reality Program on Campus as a Ubiquitous System. Proceedings of the 9th International Conference on Computer and Automation Engineering, ACM.","DOI":"10.1145\/3057039.3057062"},{"key":"ref_19","first-page":"37","article-title":"Analysis of the Technology Acceptance Theoretical Model in Examining Users Behavioural Intention to Use an Augmented Reality App (IMAP-Campus)","volume":"8","author":"Alqahtani","year":"2018","journal-title":"Int. J. Eng. Manag. Res. (IJEMR)"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Lave, J., and Wenger, E. (1991). Situated Learning: Legitimate Peripheral Participation, Cambridge University Press.","DOI":"10.1017\/CBO9780511815355"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Markouzis, D., and Fessakis, G. (2015, January 19\u201320). Interactive Storytelling and Mobile Augmented Reality Applications for Learning and Entertainment A rapid prototyping perspective. Proceedings of the 9th International Conference on Interactive Mobile Communication, Technologies and Learning (IMCL2015), Thessaloniki, Greece.","DOI":"10.1109\/IMCTL.2015.7359544"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/09523987.2014.889400","article-title":"Augmented Reality in education\u2013cases, places and potentials","volume":"51","author":"Bower","year":"2014","journal-title":"Educ. Media Int."},{"key":"ref_23","unstructured":"Thompson, M.F., and Irvine, C.E. (2014, January 18). CyberCIEGE scenario design and implementation. Proceedings of the 2014 {USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 14), San Diego, CA, USA."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Liang, H., and Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Q., 71\u201390. Available online: https:\/\/www.jstor.org\/stable\/20650279.","DOI":"10.2307\/20650279"},{"key":"ref_25","first-page":"394","article-title":"Understanding security behaviors in personal computer usage: A threat avoidance perspective","volume":"11","author":"Liang","year":"2010","journal-title":"J. Assoc. Inf. Syst."},{"key":"ref_26","unstructured":"Misra, G., Arachchilage, N.A.G., and Berkovsky, S. (2017). Phish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks. arXiv."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.17645\/pag.v6i2.1569","article-title":"Global Cybersecurity: New Directions in Theory and Methods","volume":"6","author":"Stevens","year":"2018","journal-title":"Politics Gov."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kassicieh, S., Lipinski, V., and Seazzu, A.F. (2015, January 2\u20136). Human centric cyber security: what are the new trends in data protection?. Proceedings of the IEEE 2015 Portland International Conference on Management of Engineering and Technology (PICMET), Portland, OR, USA.","DOI":"10.1109\/PICMET.2015.7273084"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., and Nunge, E. (2007). Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. Proceedings of the 3rd Symposium on Usable Privacy and Security, ACM.","DOI":"10.1145\/1280680.1280692"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1016\/j.chb.2016.02.065","article-title":"Phishing threat avoidance behaviour: An empirical investigation","volume":"60","author":"Arachchilage","year":"2016","journal-title":"Comput. Hum. Behav."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1109\/MSP.2011.179","article-title":"Security education against phishing: A modest proposal for a major rethink","volume":"10","author":"Kirlappos","year":"2011","journal-title":"IEEE Secur. Priv."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/j.infsof.2017.12.002","article-title":"Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG)","volume":"95","author":"Yasin","year":"2018","journal-title":"Inf. Softw. Technol."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Jin, G., Tu, M., Kim, T.H., Heffron, J., and White, J. (2018). Game based cybersecurity training for high school students. Proceedings of the 49th ACM Technical Symposium on Computer Science Education, ACM.","DOI":"10.1145\/3159450.3159591"},{"key":"ref_34","unstructured":"Gondree, M., and Peterson, Z.N. (2013, January 12). Valuing security by getting [d0x3d!]: Experiences with a network security board game. Proceedings of the Presented at Part of the 6th Workshop on Cyber Security Experimentation and Test, Washington, DC, USA."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Denning, T., Lerner, A., Shostack, A., and Kohno, T. (2013). Control-Alt-Hack: The design and evaluation of a card game for computer security awareness and education. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ACM.","DOI":"10.1145\/2508859.2516753"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2010.58","article-title":"Protection poker: The new software security \u201cgame\u201d","volume":"8","author":"Williams","year":"2010","journal-title":"IEEE Secur. Priv."},{"key":"ref_37","unstructured":"Mirkovic, J., and Peterson, P.A. (2014, January 18). Class capture-the-flag exercises. Proceedings of the 2014 {USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 14), San Diego, CA, USA."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1162\/pres.1997.6.4.355","article-title":"A survey of augmented reality","volume":"6","author":"Azuma","year":"1997","journal-title":"Presence Teleoperators Virtual Environ."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Hendrix, M., Al-Sherbaz, A., and Bloom, V. (2016). Game based cyber security training: Are serious games suitable for cyber security training?. Int. J. Serious Games, 3.","DOI":"10.17083\/ijsg.v3i1.107"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1145\/1539024.1508881","article-title":"Engaging students through mobile game development","volume":"Volume 41","author":"Kurkovsky","year":"2009","journal-title":"ACM SIGCSE Bulletin"},{"key":"ref_41","unstructured":"Wong, J.K., and Sheth, J.N. (1985). Explaining intention-behavior discrepancy\u2014A paradigm. ACR N. Am. Adv., Available online: www.acrwebsite.org\/volumes\/6419\/volumes\/v12\/NA-12."},{"key":"ref_42","unstructured":"de la Hera Conde-Pumpido, T. (2020, February 20). A Conceptual Model for the Study of Persuasive Games. Available online: https:\/\/repub.eur.nl\/pub\/110458\/."},{"key":"ref_43","unstructured":"Rittle-Johnson, B., and Koedinger, K.R. (2002, January 26\u201329). Comparing Instructional Strategies for Integrating Conceptual and Procedural Knowledge. Proceedings of the 24th annual meeting of the North American Chapters of the International Group for the Psychology of Mathematics Education, Athens, GA, USA."},{"key":"ref_44","unstructured":"Gee, J.P. (2009). Deep learning properties of good digital games: How far can they go?. Serious Games, Routledge."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change1","volume":"91","author":"Rogers","year":"1975","journal-title":"J. Psychol."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Scholefield, S., and Shepherd, L.A. (2019). Gamification Techniques for Raising Cyber Security Awareness. arXiv.","DOI":"10.1007\/978-3-030-22351-9_13"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"63","DOI":"10.4018\/ijopcd.2011070105","article-title":"The relationship between student learning styles and motivation during educational video game play","volume":"1","author":"Findley","year":"2011","journal-title":"Int. J. Online Pedagog. Course Des. (IJOPCD)"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Giannakas, F., Kambourakis, G., and Gritzalis, S. (2015, January 19\u201320). CyberAware: A mobile game-based app for cybersecurity education and awareness. Proceedings of the IEEE 2015 International Conference on Interactive Mobile Communication Technologies and Learning (IMCL), Thessaloniki, Greece.","DOI":"10.1109\/IMCTL.2015.7359553"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/2\/121\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:59:48Z","timestamp":1760173188000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/2\/121"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,21]]},"references-count":48,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["info11020121"],"URL":"https:\/\/doi.org\/10.3390\/info11020121","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,21]]}}}