skip to main content
Explore Scholarly Publications and Datasets in the NSF-PAR

Title: Eureka!: Advancing Cybersecurity Learning through Inquiry-Based Laboratories
Cybersecurity is rapidly becoming one of the most important industries in the world, in regards to the national, financial, and environmental well-being of every nation. There are currently about half a million cyber attacks every minute, and the attacks will continue to increase in complexity and frequency as hackers adapt their strategies to the ever-changing cyber physical landscape. It is critical to train and educate the future workforce on the fundamental aspects of cyber and mobile security, and to improve their ability to identify, prevent, and respond to emerging threats. The purpose of this paper is to discuss the development of a collection of cybersecurity labs - called Eureka Experiences - designed to teach sophisticated concepts in an engaging, efficient, and affordable virtualization environment. This presentation will also address the future research and development of with these labs, and propose possible strategies for adapting them to a wide range of learners.
Authors:
Award ID(s):
1829553
Publication Date:
NSF-PAR ID:
10177445
Journal Name:
Society for Information Technology & Teacher Education International Conference
Volume:
2020
Issue:
1
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ( , IEEE International Conference on Big Data (Big Data))
    Machine Learning (ML) analyzes, and processes data and discover patterns. In cybersecurity, it effectively analyzes big data from existing cybersecurity attacks and develop proactive strategies to detect current and future cybersecurity attacks. Both ML and cybersecurity are important subjects in computing curriculum, but using ML for cybersecurity is not commonly explored. This paper designs and presents a case study-based portable labware experience built on Google's CoLaboratory (CoLab) for a ML cybersecurity application to provide students with hands-on labs accessing from anywhere and anytime, reducing or eliminating tedious installations and configurations. This approach allows students to focus on learning essential concepts and gaining valuable experience through hands-on problem solving skills. Our preliminary results and student evaluations are reported for a case-based hands-on regression labware in cyber fraud prediction using credit card fraud as an example.
  2. ( , 2021 Fall ASEE Middle Atlantic Section Meeting)
    The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State Universitymore »launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense.« less
  3. ; ; ; ( , Journal of Artificial Intelligence and Technology)
    Lecture-based teaching paired with laboratory-based exercises is most commonly used in cybersecurity instruction. However, it focuses more on theories and models but fails to provide learners with practical problem-solving skills and opportunities to explore real-world cybersecurity challenges. Problem-based Learning (PBL) has been identified as an efficient pedagogy for many disciplines, especially engineering education. It provides learners with real-world complex problem scenarios, which encourages learners to collaborate with classmates, ask questions and develop a deeper understanding of the concepts while solving real-world cybersecurity problems. This paper describes the application of the PBL methodology to enhance professional training-based cybersecurity education. The authors developed an online laboratory environment to apply PBL with Knowledge-Graph (KG) based guidance for hands-on labs in cybersecurity training.Learners are provided access to a virtual lab environment with knowledge graph guidance to simulated real-life cybersecurity scenarios. Thus, they are forced to think independently and apply their knowledge to create cyber-attacks and defend approaches to solve problems provided to them in each lab. Our experimental study shows that learners tend to gain more enhanced learning outcomes by leveraging PBL with knowledge graph guidance, become more aware of cybersecurity and relevant concepts, and also express interest in keep learning of cybersecurity usingmore »our system.« less
  4. ; ; ; ; ( , Proceedings of the 51st ACM Technical Symposium on Computer Science Education (SIGCSE))
    Machine Learning (ML) analyzes, and processes data and develop patterns. In the case of cybersecurity, it helps to better analyze previous cyber attacks and develop proactive strategy to detect and prevent the security threats. Both ML and cybersecurity are important subjects in computing curriculum, but ML for cybersecurity is not well presented there. We design and develop case-study based portable labware on Google CoLab for ML to cybersecurity so that students can access and practice these hands-on labs anywhere and anytime without time tedious installation and configuration which will help students more focus on learning of concepts and getting more experience for hands-on problem solving skills.
  5. ; ; ; ; ( , 2021 IEEE International Conference on Big Data (Big Data))
    Machine Learning (ML) analyze, and process data and develop patterns. In the case of cybersecurity, it helps to better analyze previous cyber attacks and develop proactive strategy to detect, prevent the security threats. Both ML and cybersecurity are important subjects in computing curriculum but ML for security is not well presented there. We design and develop case-study based portable labware on Google CoLab for ML to cybersecurity so that students can access, share, collaborate, and practice these hands-on labs anywhere and anytime without time tedious installation and configuration which will help students more focus on learning of concepts and getting more experience for hands-on problem solving skills.
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email