Education in STEM disciplines, such as cybersecurity, presents several challenges due to the applied and evolving nature of these domains. Traditional methods are primarily focused on a passive approach, emphasizing theoretical knowledge and ofering limited opportunities for active engagement. Consequently, students may struggle to apply the knowledge they gain to solve specific problems. In contrast, immersive learning enables active involvement with content, promoting situated and embodied learning as well as the transfer of knowledge to the real world. For cybersecurity, in particular, immersive experiences give the possibility to simulate real-world scenarios, such as network attacks, system vulnerabilities, and defensive strategies, in a safe and controlled environment. Game-based learning has also shown great potential by increasing students' focus and motivation on learning. In this paper, we propose two immersive learning experiences that introduce fundamental concepts of cybersecurity. The first one aims to ofer an application for analyzing network trafic to overcome the limitations of current monitoring systems. Both experts and non-experts can interact with several immersive visualizations to, for example, check the health status of an IP address. The second one is an immersive learning game designed to introduce and practice several cybersecurity concepts. Players engage in a sequence of challenges, including decrypting messages, configuring firewalls, and recovering corrupted data.
Cybersecurity is a multidisciplinary field that requires knowledge from a wide range of domains and
has to deal with an ever-evolving threat landscape. Teaching technical disciplines, such as cybersecurity,
involves the application of innovative pedagogical approaches that support active, experiential, and
problem-solving learning. Traditional methods often rely on passive content delivery and abstract
representations, struggling to promote practical understanding and adequate learning experiences that
guide students toward an increased awareness of cybersecurity threats and a greater interest in the
ifeld [
In recent years, the advent of new technologies has significantly reshaped learning methods,
promoting more interactive, focused, and engaging approaches [
In this paper, we benefit from the learning afordances of immersive technologies and game-based learning to design two experiences that support both experts and non-experts in learning the fundamentals of cybersecurity. The first experience is an immersive environment with diferent visualizations of network trafic data. Interacting with the visualizations, users can learn about the health status of the IP addresses in the network and analyze other aspects of the connections. Compared to the security monitoring systems currently in use, this immersive experience enables users to focus on data exploration, thereby gaining a deeper understanding of how network trafic analysis works. The second application is a game designed to introduce fundamental cybersecurity concepts, such as cryptography, ifrewalls, backup, and recovery. The player experiences three diferent scenarios with mini-games to solve. Along the journey, she can access advanced information in the form of knowledge pills, which explain the theory behind the game logic, and a digital library where she can request additional explanations from a generative AI engine.
From the very first attempt to build virtual environments in the 1990s, it was clear that there was a
valuable application of this technology in education, with a shift towards more active participation,
where students do not stand in front of a monitor, but wear the device and interact with an immersive
interface through multimodal stimuli [
The application of an immersive approach to building learning experiences can be associated with
various pedagogical strategies, including active, experiential, and game-based, where the primary focus
is on learning to solve complex problems through a "learning by doing" paradigm [
Immersive learning experiences are often combined with game-based learning to leverage the intrinsic
motivation features of video games. Digital educational games, frequently referred to as serious games,
engage learners in gaming experiences with a learning purpose [16]. Their success strongly relies on
the intrinsically motivational features of video games, including the intense involvement of learners and
their exposure to continuous challenges that require the application of skills, all of which contribute to
creating flow experiences [
Immersive experiences can provide significant educational benefits, particularly in STEM (Science, Technology, Engineering and Mathematics) disciplines, such as cybersecurity, where it is crucial not only to have an understanding of the main concepts and topics but also to know how to apply them to real-world cases. One of the characteristics of the cybersecurity field is the complex and ever-evolving nature of cyberattacks, which require robust and efective strategies. Immersive applications can help (a) Interacting with a connection (b) IP trafic heatmap (c) Histogram of IP trafic support the learning of these strategies and their applications [17]. Virtual environments can provide a safe and controlled space to simulate real-world hazards and attacks, and analyze the efectiveness of various strategies [18]. In this way, students can acquire knowledge and skills to handle similar situations in reality. Moreover, these experiences are designed to be interactive and engaging, enhancing students’ motivation and, consequently, their interest in the disciplines [17].
In this paper, we describe two immersive experiences designed to support users while learning and practicing cybersecurity concepts. Both use a virtual reality environment, but each ofers a diferent experience. The first one is an immersive visualization space for analyzing network trafic datasets. The second one is a game designed to introduce fundamental concepts, such as cryptography, firewalls, backup, and recovery.
The security of the network trafic is a key issue for many businesses and companies [ 19]. Actual
network security monitoring systems ofer several key operations, such as intrusion detection, real-time
alerts, and policy enforcement, to detect threats early and respond promptly [20, 21]. Often, these
systems can be challenging to interact with, failing to provide a clear understanding of what is happening
in the network [
The first immersive experience we propose enables both students and system analysts to monitor network trafic through various visualizations. By interacting with them, users can, for example, determine whether an IP address is in a healthy state or is experiencing issues due to excessive incoming trafic. In this way, they can learn from exploring the dataset in a space that encourages information retention and pattern recognition.
The system has been designed to analyze network trafic in real-time; however, for testing purposes, we have used a dataset containing real network trafic data. The design of the immersive experience is based on a modular structure in five steps: 1. Data Collection: The system has been designed to analyze network trafic in real-time; however, to test the prototype under realistic but controlled conditions, we utilized the CIC UNSW-NB15 Augmented Dataset [22], which contains trafic generated in a simulated enterprise-like network environment. The dataset includes both realistic normal behavior and various types of synthetic cyberattacks collected over a two-day period. It provides 47 features per connection and consists of eight types of attacks: Fuzzer, Analysis, Backdoor, Exploit, Generic, Reconnaissance, Shellcode, and Worm. 2. Data Preparation: To make the dataset compatible with the system, it was necessary to identify and extract only the features required for the visualizations, specifically to define the nodes, (a) Ceaser Chipher (b) Configuration Firewall (c) Backup and Recovery
establish the links based on data exchanges, and display meaningful statistics for each connection. 3. Immersive Network Graph: The main visualization created in the VR environment is the network graph, where each node represents an IP address in the network, with diferent colors indicating its health status: green for regular trafic, orange for potentially anomalous behavior (used to anticipate possible DoS attacks [23]), and red for nodes identified as malicious. The links between nodes represent the information exchanged between two IP addresses at a given instant in time. As shown in Figure 1a, the VR environment displays the 3D network graph with color-coded nodes and visible connections. The user can activate a timeline on her left arm to display the evolution of the network trafic over time, observing how the colors and the connections change. The user can also interact with the network by grabbing and moving nodes, as well as by clicking on a link to display information related to the specific connection (Figure 1a). 4. Query Menu: Users can access a menu to select one of three predefined queries, each designed to provide targeted insights into network activity. The first query displays a histogram representing the total amount of data generated by each source IP address, helping analysts quickly identify the most active nodes. The active nodes may indicate legitimate high-trafic sources or potentially compromised systems involved in data exfiltration or denial-of-service attacks. The second query utilizes an interactive bubble graph to display the distribution of protocols (e.g., TCP, UDP, ICMP) employed for the connections. The bubble size indicates usage frequency, and it can help detect abnormal protocol usage, such as unexpected encrypted trafic or unusual reliance on uncommon protocols. The third query generates a heatmap that visualizes the trafic intensity between source and destination IP pairs using a color gradient: blue indicates no or very low trafic, cyan indicates low trafic, green represents medium trafic, yellow shows high trafic, and red signals very high trafic. This visualization facilitates the detection of communication bottlenecks, suspicious peer-to-peer patterns, or lateral movement within the network. Each query activates the tailored 3D visualization in the VR environment when selected, as shown in Figure 1b and Figure 1c. 5. System Tutorial: The users accessing the system for the first time can explore a tutorial to familiarize themselves with the diferent options ofered by the system, including the visualizations and the controllers to interact with them.
The second immersive experience we propose is CyberSecVR, a learning game to support students and non-experts in exploring fundamental concepts in cybersecurity. CyberSecVR is structured as a sequential journey through three virtual environments, each representing a key topic in cybersecurity. The aesthetic of the scenes incorporates several cyberpunk-inspired elements, including neon-lit scenes, stylized terminals, and digital overlays, to enhance user immersion in the game’s dynamics.
The first scene, where the game begins, is an outdoor courtyard in front of a futuristic laboratory with various environments designed to simulate increasingly complex cybersecurity scenarios. In the same courtyard, a digital library is also available, where players can find more information about the concepts encountered during the game. The game is organized into three environments: 1. Cryptography: This is the first level of the game, and it is set in a closed courtyard outside a high-tech laboratory building. The player has to decrypt a short sentence encoded with a Caesar cipher [24] to unlock the doors and enter the laboratory. As shown in Figure 2a, a stylized terminal displays the encrypted phrase, while a holographic interface allows the user to type the decoded version using a virtual keyboard. After a few seconds of inactivity, the system displays a clue as a visual representation of the alphabet to the player. This level introduces the concept of symmetric encryption and logical pattern recognition through simple interaction. The correct answer triggers visual and audio feedback, giving interesting information about the Caesar cipher and granting access to the laboratory. 2. Firewall Defense: The second level takes place inside a high-security network control room in the laboratory. The player is tasked with configuring a firewall system to defend against an ongoing DoS attack [23]. Using gesture-based and controller inputs, the player observes streams of incoming packets rendered as colored orbs flying toward a server terminal. Each packet includes visual cues such as IP address labels, protocol icons, and, most importantly, color coding: green orbs indicate legitimate packets, and red ones indicate malicious ones. The player can manually shoot unwanted packets using a handheld device or, as shown in Figure 2b, configure an autonomous turret based on a whitelist and blacklist mechanism: the whitelist contains benign IP addresses, and the blacklist contains malicious ones. This dual mechanic introduces players to both manual and rule-based filtering, mirroring real-world intrusion prevention techniques. 3. Backup and Recovery: The third level places the player in a simulated server room. The space is filled with large holographic drives and blinking storage bays, evoking the interior of a futuristic data center. Players must solve a series of mini-puzzles, similar to those shown in Figure 2c, to restore corrupted data from backups. This includes visual sorting tasks and interactive diagrams that illustrate the diferences between full, incremental, and diferential backups. A damaged virtual disk must be repaired by dragging and placing encryption pieces and selecting the correct recovery paths. Feedback is provided through visual light signals and narrator cues, helping players understand not only what backup strategies exist but also when and why each is appropriate.
In another building, adjacent to the laboratory, a library is located that hosts a virtual assistant terminal, accessible after completing the game’s three levels. This assistant appears as a floating holographic AI situated in a quiet digital room filled with virtual books and glowing panels. Players can grab a virtual microphone and start speaking directly to the assistant to ask questions or clarify concepts encountered during the game. The assistant utilizes various generative AI models to provide dynamic and context-aware responses, speech-to-text transcription, and in-game narration.
The proposed immersive experiences have significant potential for ofering an innovative approach to learning cybersecurity fundamentals from both theoretical and practical perspectives. They have been designed to leverage immersive learning, supporting both expert and non-expert users as they explore topics such as network trafic analysis, firewalls, and data recovery. The results are more engaging and practical experiences that can increase users’ motivation and interest in the cybersecurity domain. Both experiences can be employed to train users with the simulation of real-world scenarios and encourage long-term knowledge retention.
The experiences are currently being evaluated to assess their eficacy as learning tools, particularly in terms of learners’ engagement and transfer of the acquired knowledge to the real world.
This work has been supported by the Madrid Government (Comunidad de Madrid-Spain) under the Multiannual Agreement with UC3M (IRIS-CM-UC3M) and the Institute of Women (Ministry of Health, Social Services and Equality) under the InfoIA project (2024/00647/001).
During the preparation of this work, the authors used Grammarly in order to: Grammar and spelling check, Paraphrase and reword. After using this tool, the authors reviewed and edited the content as needed and take full responsibility for the publication’s content. [16] D. W. Shafer, K. R. Squire, R. Halverson, J. P. Gee, Video games and the future of learning, Phi delta kappan 87 (2005) 105–111. [17] A. A. M, H. Shabana, I. Muhammad, A. H. Saleh, W. Muhammad, Exploring cybersecurity education and training techniques: a comprehensive review of traditional, virtual reality, and augmented reality approaches, Symmetry 15 (2023) 2175. [18] L. Anthony, K. Kenneth, G. Denis, A. Mohamed, Experiential learning through immersive xr: cybersecurity education for critical infrastructures, in: International Conference on HumanComputer Interaction, Springer, 2024, pp. 56–69. [19] F. M. Cremer F, Sheehan B, K. AN, M. M, M. F, M. S., Cyber risk and cybersecurity: a systematic review of data availability., National Library of Medicine (2022). [20] K. Scarfone, P. Mell, Guide to intrusion detection and prevention systems (idps), 2007. [21] FireMon, Top 10 network security monitoring tools, 2024. URL: https://www.firemon.com/blog/ network-security-monitoring-tools/#best-network-security-monitoring-tools. [22] C. I. for Cybersecurity, Cic unsw-nb15 dataset, 2015. URL: https://www.unb.ca/cic/datasets/ cic-unsw-nb15.html. [23] C. Glenn, K. George, B. R. R, R. Suresh, Denial-of-service attack-detection techniques, IEEE
Internet computing 10 (2006) 82–89. [24] J. Andress, Chapter 5 - cryptography, in: J. Andress (Ed.), The Basics of Information Security (Second Edition), second edition ed., Syngress, Boston, 2014, pp. 69–88. doi:10.1016/ B978-0-12-800744-0.00005-1.