The Creeper

A choose your own adventure game intended to teach high schoolers different cybersecurity topics.

Summary

You arrive at a mysterious, large mansion. Before you enter the house, you open up a letter which reveals an invitation. Inside, it details that you have been invited to a very special release party of the newest invention by a big tech company. You enter and find many distinguished guests from varying fields of research, backgrounds, and celebrities. When the new technology is finally revealed in the main foyer, you realize that there is a problem. The tech entrepreneur has created a device that has trapped you and the other party goers in the house. The Creeper will slowly escape the game and infect your real-life computer... That is, unless you’re able to stop it. Utilizing the help of the industry experts at the party, you must explore the mansion, defend against the attacks, and launch counter attacks against the computer in order to stop the device.

Theme/Genre

Educational Text-Based Meta-Adventure RPG

Elevator Pitch

Inspire interest and curiosity in cybersecurity by introducing general concepts such as cryptography, scripting, and safety in an educational format that stays engaging. The game mechanics aim to simulate the learning environments that are necessary for cybersecurity through the simple text-based environment and introduce intuition.

Audience

Middle to Early High School

Game Flow Summary

This is a single-player RPG in which the player interacts by inputting commands, like the popular game zork. The player will need to solve challenges to open doors and stop the AI in the final server room. The player does so by talking with people and interacting with items. There is an element of interactive fiction in which the student can explore at their own pace, but they still explore the lore of The Creeper story and learn about cybersecurity.

Educational Design

Learning Objectives

Social Engineering
Cryptography
Cybersecurity Concepts and Thought Processes
Scripting
Hacking

Puzzle/Challenge Structure

The puzzle mechanics vary from each level, but they are each based on interacting with characters and objects in an environment. Players learn about the challenge and required objectives to complete the challenge from clues in the environment and interacting with characters, then use them to progress.

Play Flow

The game is linearly structured and the player must open the door to get to the next level. However, this can be done in many ways and orders by talking to different characters or using different objects. Players that already know about cybersecurity may not need to talk to others and can pass the level given their own knowledge. However, levels get harder and the player most likely will have to explore sometime.

Why Choose Your Own Adventure in 2019?

CYOA games seem like an vestigial game type from the 90s. But, it is such a perfect game type for learning about cyber security directly due to how it is designed. The gameplay literally mimics scripting - a skill that in high demand in cyber security. Our idea was to take advantage of this parallel and literally incorporate scripting into the game. As the user progresses through the levels they realize that their adversary is sentient, and the only way to stop them is to literally hack into the game. While we didn't have the time to implement this functionality, our engine allows for easy implementation in the future.

Storyline

Setting

Located in a tech entrepreneur's house in the near future.

Characters

You
Partygoers (security experts, children, etc)
Evil AI

Visuals

Text-Based Game w/ minimal visuals. The user will input commands and will be able to see a log of conversation/interaction history. We also have pixelated images that accompany different commands/interactions and a map. In the future, we would like to make a minimap as well as an inventory.

Game Play Mechanics

The gameplay mechanics inspire curiosity by allowing players to explore on their own. This also enforces vital cybersecurity mindset in which one needs to be prevent vulnerability while still being informed and probing a situation. The text-based interaction simulates a social engineering environment as well as a scripting environment.

Controls

Type what you want to do in the text box!

Levels

Phase 1: Cryptography Intro to the game and introducing mechanics Level 1 (implemented): Use social engineering to retrieve a key needed to unlock a door protected by a caesar cypher. Level 2: (planned): Vigenere Phase 2: Scripting Gain access to a computer not controlled by Level 1 (planned): Use network commands to prevent AI from advancing Level 2: (planned): ssh into a remote computer to retrieve house blueprints Phase 3: Hacking SQL Injection, Buffer Overflow to destroy certain parts of AI. Phase 4: Safety The AI has started to prey on the partygoers using phishing emails and scams. Differentiate between fake websites and emails. Final Phase The AI has gained access to your own computer (outside of the game). Use your learned knowledge to destroy the AI in the final boss level.

Technical Requirements

The user interacts with the game through natural language commands, implemented using Word2Vec.

Scoring Method

There is not a scoring method. This is instead to introduce students who have never been exposed to cybersecurity so they can experience the field and gain a curiosity for it. Students can take how long they want and even explore more if they want to!

Our Implementation

Our implementation consists of a base demo for the first level. It is an extremely early alpha with loads of bugs. In our demo first level, the player needs to find the key to a Caesar Cypher through social engineering some of the people at the party. There is always more to be explored, as students can learn more about the CIA Triad as well as Cyber Risk by talking to some of the people there. Our set of actions is limited and the natural language pipeline (Word2Vec cosine similarity) we are using is not perfect, but it works better than expected.