An official website of the United States government
Cybersecurity is a topic of growing interest. Do you have hands-on exercises that match the skills and levels of your students? Over the last few years, we have worked on making it easier to create, modify, and deploy exercises with assessment questions. EDURange is an open source project with exercises that span a wide range and can serve as templates for new ones. In addition to providing a framework for editing exercises, EDURange also allows Instructors to see student interaction and offer hints while they are doing the exercise. The features, that support this include chat with the instructor and machine learning algorithms for identifying which students need help. We plan to share some of the existing exercises and show how to adapt them to different students' profiles. We will also share our experiences with the hint system. Participants will gain experience in designing and adapting cybersecurity exercises and writing learning objectives and assessments. All backgrounds are welcome, whether you are new to teaching cybersecurity and have little experience with the command line, or whether you can create a network of containers and bash scripts to configure them. You will come away with a better understanding of how to design and create your own hands-on exercises.
more »
« less
This content will become publicly available on February 18, 2026
Tensor Decomposition for Student Success Prediction Models in Hands-on Cybersecurity Exercises
Cybersecurity is an ever-evolving field that demands more workers and a wider array of knowledge every year. As such, cybersecurity education remains essential - not just for professionals, but for developers and non-technical roles as well. Due to this, hands-on cybersecurity exercises, such as the ones in the eduRange platform, are increasingly important. EduRange aims to be a flexible, intuitive cybersecurity platform that allows instructors to tailor pre-existing scenarios to their classes' needs. However, when students become stuck or frustrated, learning grinds to a halt. To combat this discouragement, we want to create a semi-automated hint system that can consistently identify struggling students. Such a hint system, however, requires a large quantity of data, which can be difficult to obtain through classroom testing alone. As such, we explored creating synthetic data. We used a sample dataset and stored attempt accuracy in a three dimensional tensor with dimensions students, questions, and attempts. We then used tensor decomposition to fill in gaps in the dataset, a process called densification. Our primary objective was to optimize the tensor decomposition to obtain the most accurate possible densification. The results showed that to obtain the greatest accuracy, we should use rank-1 tensors and fill in logical extra data points. Additionally, we found that generic tensor decomposition may not be sufficient for Boolean data. In future work, we plan to use Boolean tensor decomposition to improve our results.
more »
« less
- PAR ID:
- 10595456
- Publisher / Repository:
- ACM
- Date Published:
- ISBN:
- 9798400705328
- Page Range / eLocation ID:
- 1762 to 1762
- Subject(s) / Keyword(s):
- machine learning security and privacy
- Format(s):
- Medium: X
- Location:
- Pittsburgh PA USA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
We explore building a Kubernetes-powered, cloud-based cybersecurity education platform and framework named “EDURange Cloud”. It allows instructors to efficiently design and host their own cybersecurity competitions and exercises. The benefits of this system include enhanced security through isolated instances, cost-effective scaling that adjusts resources based on demand, and the agility to deploy or update challenges rapidly. Originally focused primarily on hosting Capture The Flag (CTF) competitions, the scope of EDURange Cloud will include support for cybersecurity demos and other educational exercises. This evolution will allow for a broader range of educational opportunities within the platform. EDURange Cloud was created as a distributed cloud alternative to the existing EDURange software \cite{Weiss2017Cybersecurity}, leveraging the power of Kubernetes to create an efficient and highly modular cybersecurity education framework. In addition to providing better load balancing and achievement tracking, EDURange Cloud extends the existing project by enabling full GUI desktop environments that are also much more easily customizable compared to command-line restricted exercises. The continued development of this platform could provide a new format for a wide range of hands-on exercises, going beyond just cybersecurity.more » « less
-
This paper evaluates the use of data logged from cybersecurity exercises in order to predict which students are potentially at risk of performing poorly. Hands-on exercises are essential for learning since they enable students to practice their skills. In cybersecurity, hands-on exercises are often complex and require knowledge of many topics. Therefore, students may miss solutions due to gaps in their knowledge and become frustrated, which impedes their learning. Targeted aid by the instructor helps, but since the instructor’s time is limited, efficient ways to detect struggling students are needed. This paper develops automated tools to predict when a student is having diffculty. We formed a dataset with the actions of 313 students from two countries and two learning environments: KYPO CRP and EDURange. These data are used in machine learning algorithms to predict the success of students in exercises deployed in these environments. After extracting features from the data, we trained and cross-validated eight classifiers for predicting the exercise outcome and evaluated their predictive power. The contribution of this paper is comparing two approaches to feature engineering, modeling, and classification performance on data from two learning environments. Using the features from either learning environment, we were able to detect and distinguish between successful and struggling students. A decision tree classifier achieved the highest balanced accuracy and sensitivity with data from both learning environments. The results show that activity data from cybersecurity exercises are suitable for predicting student success. In a potential application, such models can aid instructors in detecting struggling students and providing targeted help. We publish data and code for building these models so that others can adopt or adapt them.more » « less
-
The critical shortage of cyber security professionals has driven faculty interest in adding this to the curriculum, and it was added to the ACM/ IEEE Model Curriculum of 2013. This is a subject that demands hands-on exercises. There has been a modest increase in the number of such exercises, but the limit is usability. Most faculty do not have the time to create their own exercises, modify and install VMs, and set up assessment mechanisms. EDURange is a framework for accessing, developing and assessing interactive cybersecurity exercises. It has a range of exercises from introductory to advanced. We will demo an introductory exercise about using the command line and an advanced exercise about network scanning. We want to reach and engage as many faculty as possible, so that they can develop their own exercises. EDURange uses VMs in the cloud. Students only need an ssh-client. We have built tools to give faculty detailed information on how students are doing. This allows instructors to more easily see when students are stuck or heading in the wrong direction. The exercises we have created have manuals that instructors can use. Information about EDURange can be found at https://edurange.org.more » « less
-
Agrawal, Garima (Ed.)Cybersecurity education is exceptionally challenging as it involves learning the complex attacks; tools and developing critical problem-solving skills to defend the systems. For a student or novice researcher in the cybersecurity domain, there is a need to design an adaptive learning strategy that can break complex tasks and concepts into simple representations. An AI-enabled automated cybersecurity education system can improve cognitive engagement and active learning. Knowledge graphs (KG) provide a visual representation in a graph that can reason and interpret from the underlying data, making them suitable for use in education and interactive learning. However, there are no publicly available datasets for the cybersecurity education domain to build such systems. The data is present as unstructured educational course material, Wiki pages, capture the flag (CTF) writeups, etc. Creating knowledge graphs from unstructured text is challenging without an ontology or annotated dataset. However, data annotation for cybersecurity needs domain experts. To address these gaps, we made three contributions in this paper. First, we propose an ontology for the cybersecurity education domain for students and novice learners. Second, we develop AISecKG, a triple dataset with cybersecurity-related entities and relations as defined by the ontology. This dataset can be used to construct knowledge graphs to teach cybersecurity and promote cognitive learning. It can also be used to build downstream applications like recommendation systems or self-learning question-answering systems for students. The dataset would also help identify malicious named entities and their probable impact. Third, using this dataset, we show a downstream application to extract custom-named entities from texts and educational material on cybersecurity.more » « less
