Machine Learning (ML) analyzes, and processes data and discover patterns. In cybersecurity, it effectively analyzes big data from existing cybersecurity attacks and develop proactive strategies to detect current and future cybersecurity attacks. Both ML and cybersecurity are important subjects in computing curriculum, but using ML for cybersecurity is not commonly explored. This paper designs and presents a case study-based portable labware experience built on Google's CoLaboratory (CoLab) for a ML cybersecurity application to provide students with hands-on labs accessing from anywhere and anytime, reducing or eliminating tedious installations and configurations. This approach allows students to focus on learning essential concepts and gaining valuable experience through hands-on problem solving skills. Our preliminary results and student evaluations are reported for a case-based hands-on regression labware in cyber fraud prediction using credit card fraud as an example.
more »
« less
Eureka!: Advancing Cybersecurity Learning through Inquiry-Based Laboratories
Cybersecurity is rapidly becoming one of the most important industries in the world, in regards to the national, financial, and environmental well-being of every nation. There are currently about half a million cyber attacks every minute, and the attacks will continue to increase in complexity and frequency as hackers adapt their strategies to the ever-changing cyber physical landscape. It is critical to train and educate the future workforce on the fundamental aspects of cyber and mobile security, and to improve their ability to identify, prevent, and respond to emerging threats. The purpose of this paper is to discuss the development of a collection of cybersecurity labs - called Eureka Experiences - designed to teach sophisticated concepts in an engaging, efficient, and affordable virtualization environment. This presentation will also address the future research and development of with these labs, and propose possible strategies for adapting them to a wide range of learners.
more »
« less
- Award ID(s):
- 1829553
- NSF-PAR ID:
- 10177445
- Date Published:
- Journal Name:
- Society for Information Technology & Teacher Education International Conference
- Volume:
- 2020
- Issue:
- 1
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The integration of cyber-physical systems (CPS) has been extremely advantageous to society, it merges the attention of cybersecurity for vehicles as a timely concern as a matter of public and individual. The failure of any vehicle system could have a serious impact on vehicle control and cause undesired consequences. With the growing demand for security in CPS, there are few hands-on labs/modules available for training current students, future engineers, or IT professionals to understand cybersecurity in CPS. This study describes the execution of a free security testbed to replicate a vehicle’s network system and the implementation of this testbed via hands-on lab designed to introduce concepts of vehicle control systems. The hands-on lab simulates insider threat scenarios where students had to use can-utils toolkits and SavvyCAN to send, modify, and capture the network packet and exploit the system vulnerability threats such as replay attacks and fuzzing attacks on the vehicle system. We conducted a case study with 21 university-level students, and all students completed the hands-on lab, pretest, posttest, and a satisfaction survey as part of a non-graded class assignment. The experimental results show that most students were not familiar with cyber-physical systems and vehicle control systems and never had the chance to do any hands-on lab in this field before. Furthermore, students reported that the hands-on lab helped them learn about CAN-bus and rated high scores for enjoyment. We discussed the design of an affordable tool to teach about vehicle control systems and proposed directions for future work.more » « less
-
The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense.more » « less
-
Cybersecurity is a complex problem. To study the complexity underneath the system and forecast possible future cyber events, we used system dynamics (SD)modeling and simulation.Network operations are normally modeled and simulated using the discrete-event simulation (DES) techniques. Since the primary focus of the DES modeling is packet traffic, the cyberattacks and resulting defenses are viewed from the layer 3 (network layer) of the open system interconnection (OSI) model. This does not discover more harmful attacks that might occur at higher(layer 4 and above) OSI layers. There are 32 million small businesses across the United States and 81 percent of them do not have cybersecurity personnel. Today’s extraordinary (COVID-19) situation, application layer (layer 7) security is the key concern for everyone, because every business revenue is heavily dependent on online/always-on presence. Research shows that almost 70 percent of successful cyber attacks are happening at the application layer. This paper presents a new integrated SD modeling framework for the application layer security to help small businesses from cyberattacks.more » « less
-
Lecture-based teaching paired with laboratory-based exercises is most commonly used in cybersecurity instruction. However, it focuses more on theories and models but fails to provide learners with practical problem-solving skills and opportunities to explore real-world cybersecurity challenges. Problem-based Learning (PBL) has been identified as an efficient pedagogy for many disciplines, especially engineering education. It provides learners with real-world complex problem scenarios, which encourages learners to collaborate with classmates, ask questions and develop a deeper understanding of the concepts while solving real-world cybersecurity problems. This paper describes the application of the PBL methodology to enhance professional training-based cybersecurity education. The authors developed an online laboratory environment to apply PBL with Knowledge-Graph (KG) based guidance for hands-on labs in cybersecurity training.Learners are provided access to a virtual lab environment with knowledge graph guidance to simulated real-life cybersecurity scenarios. Thus, they are forced to think independently and apply their knowledge to create cyber-attacks and defend approaches to solve problems provided to them in each lab. Our experimental study shows that learners tend to gain more enhanced learning outcomes by leveraging PBL with knowledge graph guidance, become more aware of cybersecurity and relevant concepts, and also express interest in keep learning of cybersecurity using our system.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- The DOI is not currently available.
