Spreading cybersecurity awareness via gamification: zero-day game
International Journal of Information Technology, Pub Date: 2024-03-24, DOI: 10.1007/s41870-024-01810-4
Fadi Abu-Amara, Reem Al Hosani, Hamda Al Tamimi, Baraka Al Hamdi

This research project aims to increase the employees' cybersecurity awareness by proposing a training program that consists of pre-game and post-game phishing attacks, pre-game and post-game surveys, and an interactive zero-day game with embedded threat scenarios. Furthermore, we propose five flowcharts that simulate common cyberattacks. The zero-day game consists of five levels. The first level trains employees in using complex passwords. Two levels cover the social engineering attacks: one level trains employees about suspicious links and online survey tricks, while the other level trains players about the organization's security policies. The fourth level educates employees about malware spread via repackaged fake applications. The last level educates employees about phishing email attacks. Furthermore, we developed a chatbot inside the game to aid users in playing the different game levels. Additionally, two surveys and two phishing attacks are carried out to assess the employees' knowledge level of cybersecurity threats. The zero-day cybersecurity awareness program is applied to twenty-three employees. Experimental results indicate that the zero-day cybersecurity awareness program is more engaging and effective than traditional awareness programs. Results also indicate that the proposed program accurately measures and improves the employees' cybersecurity awareness level.




Updated: 2024-03-24