research-article

Public Access

Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses

Authors:

John Grady Hall,

Abhinav Mohanty,

Pooja Murarisetty,

Ngoc Diep Nguyen,

Julio César Bahamón,

Harini Ramaprasad,

Meera SridharAuthors Info & Claims

SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1

Pages 696 - 702

https://doi.org/10.1145/3478431.3499417

Published: 22 February 2022 Publication History

Abstract

This paper presents Criminal Investigations, a gamified, scalable web-based framework for teaching and assessing Internet-of-Things (IoT) security skills. Criminal Investigations is packaged as a series of stackable IoT security activities; the current version uses React for the front-end development and Python for the back-end, and is deployed as a web application on a university server. Criminal Investigations promotes student engagement and learning by incorporating gamification concepts such as storytelling, experience points, just-in-time learning content delivery and checkpoints into activity design. This paper presents a pilot deployment of Criminal Investigations' first, fully-deployed, prototype activity "Reverse Engineering and Analyzing IoT Firmware''. The results of the pilot deployment indicate that Criminal Investigations provides an engaging, user-friendly, accessible environment, and helps students achieve the learning objectives of the prototype activity.

References

[1]

[n.d.]. Process Oriented Guided Inquiry Learning. https://pogil.org/.

[2]

[n.d.]. Process Oriented Guided Inquiry Learning. http://cspogil.org/Home.

[3]

[n.d.]. The Need for Diversity in Cybersecurity. https://medium.com/diversityunscripted/the-need-for-diversity-in-cybersecurity-1ec1c14e1770.

[4]

Muhammad Rizwan Asghar and Andrew Luxton-Reilly. 2018. Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education. 179--184.

Digital Library

[5]

Attify. [n.d.]. Offensive IoT Exploitation. https://www.attify.com/iot-securityexploitation-training. Accessed: 2020--1--13.

[6]

Jonathan Bergmann and Aaron Sams. 2012. Flip your classroom: Reach every student in every class every day. International society for technology in education.

[7]

J. Bergmann and A. Sams. 2014. Flipped Learning: Gateway to Student Engagement. International Society for Technology in Education.

[8]

Jacob Lowell Bishop and Matthew A Verleger. 2013. The flipped classroom: A survey of the research. In ASEE National Conference Proceedings, Atlanta, GA, Vol. 30. 1--18.

[9]

Charles C Bonwell and James A Eison. 1991. Active Learning: Creating Excitement in the Classroom. 1991 ASHE-ERIC Higher Education Reports. ERIC.

[10]

Brian Russel and Sunil Gupta. [n.d.]. Securing IoT: From Security to Practical Pentesting on IoT. https://www.udemy.com/course/securing-iot-from-securityto-practical-pentesting-on-iot/. Accessed: 06-07--2019.

[11]

Patrick Buckley and Elaine Doyle. 2016. Gamification and student motivation. Interactive Learning Environments 24, 6 (2016), 1162--1175. https://doi.org/10. 1080/10494820.2014.964263

[12]

Tom Chothia and Joeri de Ruiter. 2016. Learning From Others' Mistakes: Penetration Testing IoT Devices in the Classroom. In USENIX Workshop on Advances in Security Education (ASE 16).

[13]

OverTheWire (community). [n.d.]. Wargames. http://overthewire.org/ wargames/.

[14]

Chris Crawford. 2003. Chris Crawford on Game Design. New Riders Publishing, USA.

Digital Library

[15]

DataUSA. [n.d.]. INFORMATION SECURITY ANALYSTS. https://datausa.io/ profile/soc/151122/#demographics. Accessed on 04--22--2019.

[16]

Tamara Denning, Adam Lerner, Adam Shostack, and Tadayoshi Kohno. 2013. Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security (CCS). 915--928.

Digital Library

[17]

Distributed Management Task Force (DMTF). [n.d.]. Open Virtualization Format. https://www.dmtf.org/standards/ovf. Accessed on 01--14--2021.

[18]

edx. [n.d.]. Cybersecurity and Privacy in the IoT. https://www.edx.org/course/ cybersecurity-and-privacy-in-the-iot. Accessed: 2019--5--7.

[19]

edX-Curtin University. [n.d.]. Cybersecurity and Privacy in the IoT. https: //www.edx.org/course/cybersecurity-and-privacy-in-the-iot. Accessed: 06-07- 2019.

[20]

Facebook Inc. [n.d.]. React-A JavaScript library for building user interfaces. https://reactjs.org/. Accessed on 08--26--2020.

[21]

Zachary Fitz-Walter. 2020. What is Gamification? https://www.gamify.com/whatis-gamification.

[22]

Scott Freeman, Sarah L Eddy, Miles McDonough, Michelle K Smith, Nnadozie Okoroafor, Hannah Jordt, and Mary Pat Wenderoth. 2014. Active learning increases student performance in science, engineering, and mathematics. Proceedings of the National Academy of Sciences 111, 23 (2014), 8410--8415.

[23]

GiantBomb.com. 2020. Experience Points. https://www.giantbomb.com/ experience-points/3015--39/.

[24]

Craig Heffner. 2010. Binwalk: Firmware analysis tool. (2010).

[25]

Helen H. Hu and Clifton Kussmaul. 2012. Promoting Student-centered Learning with POGIL. In Proceedings of the 43rd ACM Technical Symposium on Computer Science Education (SIGCSE '12). 579--580.

[26]

Helen H Hu and Tricia D Shepherd. 2014. Teaching CS 1 with POGIL activities and roles. In Proceedings of the 45th ACM technical symposium on Computer science education. ACM, 127--132.

Digital Library

[27]

(ISC)2 . [n.d.]. Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens: (ISC)2 CYBERSECURITY WORKFORCE STUDY, 2018. Technical Report. Accessed on 04--22--2019.

[28]

json.org. [n.d.]. Introducing JSON. https://www.json.org/json-en.html. Accessed on 01--14--2021.

[29]

Jesper Juul. 2011. Half-real: Video games between real rules and fictional worlds. MIT press.

Digital Library

[30]

David R. Krathwohl. 2002. A Revision of Bloom's Taxonomy: An Overview. Theory Into Practice 41, 4 (2002), 212--218.

[31]

Clifton Kussmaul. 2012. Process oriented guided inquiry learning (POGIL) for computer science. In SIGCSE.

[32]

Celine Latulipe, N. Bruce Long, and Carlos E. Seminario. 2015. Structuring Flipped Classes with Lightweight Teams and Gamification. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (Kansas City, Missouri, USA) (SIGCSE '15). ACM, New York, NY, USA, 392--397.

[33]

Chengcheng Li and Rucha Kulkarni. 2016. Survey of Cybersecurity Education through Gamification. In Proceedings of the ASEE Annual Conference & Exposition.

[34]

Peter Loshin. [n.d.]. McAfee CISO explains why diversity in cybersecurity matters. https://searchsecurity.techtarget.com/feature/McAfee-CISO-explainswhy-diversity-in-cybersecurity-matters. Accessed on 04--22--2019.

[35]

Stephen MacNeil, Celine Latulipe, Bruce Long, and Aman Yadav. 2016. Exploring Lightweight Teams in a Distributed Learning Environment. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (Memphis, Tennessee, USA) (SIGCSE '16). ACM, New York, NY, USA, 193--198.

Digital Library

[36]

Mary Lou Maher, Celine Latulipe, Heather Lipford, and Audrey Rorrer. 2015. Flipped Classroom Strategies for CS Education. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). 218--223.

Digital Library

[37]

Michael Mateas and Phoebe Sengers. 1998. Narrative Intelligence. In The Proceedings of AAAI Fall Symposium.

[38]

M Mateas and A Stern. 2003. Fa{ç}ade: An experiment in building a fully-realized interactive drama. In The Proceedings of Game Developers Conference, Game Design track. Citeseer.

[39]

Matt Trobbiani. [n.d.]. Hacknet Labyrinths. https://store.steampowered.com/ app/521840/Hacknet__Labyrinths/. Accessed on 08--25--2020.

[40]

Chet Meyers and Thomas B Jones. 1993. Promoting Active Learning. Strategies for the College Classroom. ERIC.

[41]

MongoDB, Inc. [n.d.]. MongoDB-The database for modern applications. https: //www.mongodb.com/. Accessed on 01--13--2021.

[42]

Rick Moog. 2014. Process oriented guided inquiry learning. Washington University Libraries.

[43]

Richard S Moog, James N Spencer, and Andrei R Straumanis. 2006. Processoriented guided inquiry learning: POGIL and the POGIL project. Metropolitan Universities 17, 4 (2006), 41--52.

[44]

NLTK Project. [n.d.]. Natural Language Toolkit. https://www.nltk.org/. Accessed on 08--11--2021.

[45]

Nokia. 2020. Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices. https://nokia.ly/3azsLiV.

[46]

Pallets. [n.d.]. Flask-web development, one drop at a time. https://flask. palletsprojects.com/en/1.1.x/. Accessed on 08--26--2020.

[47]

Katie Salen and Eric Zimmerman. 2003. Rules of Play: Game Design Fundamentals. The MIT Press.

Digital Library

[48]

Z. Cliffe Schreuders and Emlyn Butterfield. 2016. Gamification for Teaching and Learning Computer Security in Higher Education. In Proceedings of the USENIX Workshop on Advances in Security Education (ASE 16).

[49]

Security Today. 2020. The IoT Rundown For 2020: Stats, Risks, and Solutions. https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for2020.aspx?Page=2.

[50]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In Proceedings of the USENIX Annual Technical Conference. 309--318.

[51]

Tactical Network Solutions. [n.d.]. IoT Firmware Exploitation. https://www. tacnetsol.com/store/aRyibNKX. Accessed: 2020--1--13.

[52]

TeachThought Staff. 2020. 12 Examples Of Gamification In The Classroom. https://www.teachthought.com/the-future-of-learning/12-examples-ofgamification-in-the-classroom/.

[53]

Tonex. [n.d.]. IoT Security Training. https://www.tonex.com/training-courses/ iot-security-training-iot-security-awareness/. Accessed: 2020--1--13.

[54]

Trend Micro: The fugle company. [n.d.]. Targeted Attack: The Game. http: //targetedattacks.trendmicro.com/. Accessed on 08--25--2020.

[55]

Udemy. [n.d.]. Fundamentals of IoT Security. https://www.udemy.com/ fundamentals-of-iot-security. Accessed: 2019--5--7.

[56]

Stacey Watson and Heather Richter Lipford. 2019. Motivating Students Beyond Course Requirements with a Serious Game. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education, SIGCSE. Association for Computing Machinery, 211--217.

Digital Library

[57]

William Crumpler. 2019. The Cybersecurity Workforce Gap. https://bit.ly/ 2IZ5snw.

[58]

wingkwong on Github. [n.d.]. react-quiz-component. https://github.com/ wingkwong/react-quiz-component. Accessed on 08--26--2020.

[59]

Michal Zalewski. 2010. American Fuzzy Lop: a security-oriented fuzzer. (2010).

Cited By

Redd BTang YZiv HPatil S(2024)Layering Sociotechnical Cybersecurity Concepts Within Project-Based LearningProceedings of the 2024 ACM Conference on International Computing Education Research - Volume 110.1145/3632620.3671093(406-418)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3632620.3671093
Švábenský VVykopal JČeleda PDovjak J(2024)Automated feedback for participants of hands-on cybersecurity trainingEducation and Information Technologies10.1007/s10639-023-12265-829:9(11555-11584)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10639-023-12265-8

Index Terms

Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses
1. Applied computing
  1. Education
    1. Interactive learning environments
2. Security and privacy
  1. Software and application security
    1. Software reverse engineering

Recommendations

Criminal Investigations: An InteractiveExperience to Improve Student Engagement and Achievement in Cybersecurity courses
SIGCSE '21: Proceedings of the 52nd ACM Technical Symposium on Computer Science Education

This poster presents Criminal Investigations, a text-based interactive activity designed to teach and assess reverse-engineering and firmware analysis skills in upper-division undergraduate cybersecurity courses. The activity incorporates elements of ...
Lessons in Copyright Activism: K-12 Education and the DMCA 1201 Exemption Rulemaking Process

Digital learning is being transformed by changes in copyright law. This article discusses the author's personal journey as a copyright education activist through two rounds of rulemaking proceedings before the Copyright Office concerning the anti-...
From the learner's perspective: A systematic review of MOOC learner experiences (2008–2021)
Abstract
We report the results of a systematic review of learners' experiences and perspectives in massive open online courses (MOOCs). This systematic review includes 51 articles published between 2008 and 2021 that appeared in top educational ...
Highlights
- MOOC learners' diverse intentions and motivations for enrollment influence their experiences within the course.

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1

February 2022

1049 pages

ISBN:9781450390705

DOI:10.1145/3478431

General Chairs:
Larry Merkle
Air Force Institute of Technology, USA
,
Maureen Doyle
Northern Kentucky University, USA
,
Program Chairs:
Judithe Sheard
Monash University, Australia
,
Leen-Kiat Soh
University of Nebraska-Lincoln, USA
,
Brian Dorn
University of Nebraska at Omaha, USA

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCSE: ACM Special Interest Group on Computer Science Education

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

SIGCSE 2022

Sponsor:

SIGCSE

SIGCSE 2022: The 53rd ACM Technical Symposium on Computer Science Education

March 3 - 5, 2022

RI, Providence, USA

Acceptance Rates

Overall Acceptance Rate 1,595 of 4,542 submissions, 35%

Upcoming Conference

SIGCSE Virtual 2024

Sponsor:
sigcse

1st ACM Virtual Global Computing Education Conference

December 5 - 8, 2024

Virtual Event , NC , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
323
Total Downloads

Downloads (Last 12 months)153
Downloads (Last 6 weeks)25

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Redd BTang YZiv HPatil S(2024)Layering Sociotechnical Cybersecurity Concepts Within Project-Based LearningProceedings of the 2024 ACM Conference on International Computing Education Research - Volume 110.1145/3632620.3671093(406-418)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3632620.3671093
Švábenský VVykopal JČeleda PDovjak J(2024)Automated feedback for participants of hands-on cybersecurity trainingEducation and Information Technologies10.1007/s10639-023-12265-829:9(11555-11584)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10639-023-12265-8

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents