Search for: All records

Cybersecurity is an ever-evolving field that demands more workers and a wider array of knowledge every year. As such, cybersecurity education remains essential - not just for professionals, but for developers and non-technical roles as well. Due to this, hands-on cybersecurity exercises, such as the ones in the eduRange platform, are increasingly important. EduRange aims to be a flexible, intuitive cybersecurity platform that allows instructors to tailor pre-existing scenarios to their classes' needs. However, when students become stuck or frustrated, learning grinds to a halt. To combat this discouragement, we want to create a semi-automated hint system that can consistently identify struggling students. Such a hint system, however, requires a large quantity of data, which can be difficult to obtain through classroom testing alone. As such, we explored creating synthetic data. We used a sample dataset and stored attempt accuracy in a three dimensional tensor with dimensions students, questions, and attempts. We then used tensor decomposition to fill in gaps in the dataset, a process called densification. Our primary objective was to optimize the tensor decomposition to obtain the most accurate possible densification. The results showed that to obtain the greatest accuracy, we should use rank-1 tensors and fill in logical extra data points. Additionally, we found that generic tensor decomposition may not be sufficient for Boolean data. In future work, we plan to use Boolean tensor decomposition to improve our results. 

Cybersecurity is a topic of growing interest. Do you have hands-on exercises that match the skills and levels of your students? Over the last few years, we have worked on making it easier to create, modify, and deploy exercises with assessment questions. EDURange is an open source project with exercises that span a wide range and can serve as templates for new ones. In addition to providing a framework for editing exercises, EDURange also allows Instructors to see student interaction and offer hints while they are doing the exercise. The features, that support this include chat with the instructor and machine learning algorithms for identifying which students need help. We plan to share some of the existing exercises and show how to adapt them to different students' profiles. We will also share our experiences with the hint system. Participants will gain experience in designing and adapting cybersecurity exercises and writing learning objectives and assessments. All backgrounds are welcome, whether you are new to teaching cybersecurity and have little experience with the command line, or whether you can create a network of containers and bash scripts to configure them. You will come away with a better understanding of how to design and create your own hands-on exercises. 

We explore building a Kubernetes-powered, cloud-based cybersecurity education platform and framework named “EDURange Cloud”. It allows instructors to efficiently design and host their own cybersecurity competitions and exercises. The benefits of this system include enhanced security through isolated instances, cost-effective scaling that adjusts resources based on demand, and the agility to deploy or update challenges rapidly. Originally focused primarily on hosting Capture The Flag (CTF) competitions, the scope of EDURange Cloud will include support for cybersecurity demos and other educational exercises. This evolution will allow for a broader range of educational opportunities within the platform. EDURange Cloud was created as a distributed cloud alternative to the existing EDURange software \cite{Weiss2017Cybersecurity}, leveraging the power of Kubernetes to create an efficient and highly modular cybersecurity education framework. In addition to providing better load balancing and achievement tracking, EDURange Cloud extends the existing project by enabling full GUI desktop environments that are also much more easily customizable compared to command-line restricted exercises. The continued development of this platform could provide a new format for a wide range of hands-on exercises, going beyond just cybersecurity. 

In this tutorial, we will introduce a cybersecurity education framework for developing polymorphic hands-on exercises. Many faculty readily acknowledge the importance of cybersecurity in the Computer Science curriculum, but there are still barriers to integrating it into existing courses. One of those barriers is the fact that in most courses, the current content fills the entire term. Another issues is that faculty don't have time and expertise to create new content that would fit well with their current content and style. The third problem is that exercises created should be resistant to solution by LLMs. We have developed cybersecurity exercises that combine two principles: environment specificity and polymorphism. Environment specificity means that the solutions to the exercise should depend on the local environment (LLMs don't have access to that information). In this context, polymorphism means that they can be easily modified each time that the class is taught. 

This paper evaluates the use of data logged from cybersecurity exercises in order to predict which students are potentially at risk of performing poorly. Hands-on exercises are essential for learning since they enable students to practice their skills. In cybersecurity, hands-on exercises are often complex and require knowledge of many topics. Therefore, students may miss solutions due to gaps in their knowledge and become frustrated, which impedes their learning. Targeted aid by the instructor helps, but since the instructor’s time is limited, efficient ways to detect struggling students are needed. This paper develops automated tools to predict when a student is having diffculty. We formed a dataset with the actions of 313 students from two countries and two learning environments: KYPO CRP and EDURange. These data are used in machine learning algorithms to predict the success of students in exercises deployed in these environments. After extracting features from the data, we trained and cross-validated eight classifiers for predicting the exercise outcome and evaluated their predictive power. The contribution of this paper is comparing two approaches to feature engineering, modeling, and classification performance on data from two learning environments. Using the features from either learning environment, we were able to detect and distinguish between successful and struggling students. A decision tree classifier achieved the highest balanced accuracy and sensitivity with data from both learning environments. The results show that activity data from cybersecurity exercises are suitable for predicting student success. In a potential application, such models can aid instructors in detecting struggling students and providing targeted help. We publish data and code for building these models so that others can adopt or adapt them. 

This paper proposes a design for an introductory password cracking exercise that gives students the opportunity to develop foundational cybersecurity skills while increasing their confidence and agency. This exercise aims to educate students about the brittle nature of passwords while increasing students' cybersecurity soft skills, such as collaboration, autonomy, and problem solving. To do so, the exercise uses pedagogical methods such as the Gradual Release of Responsibility model and guiding questions. The exercise is holistic, hands-on, and consists of three scaffolded levels: Password guessing, intelligence gathering, and spear phishing. • Manually attempting a “credential stuffing” attack on a simple password. • Scripting an automated password cracking tool. This exercise will educate students about passwords, how to attack them, and how to choose secure passwords while building foundational cybersecurity skills and keeping less experienced students interested, engaged, and motivated.