Abstract
Cybersecurity education and training are being conducted on an ever-increasing scale, as most organizations need to improve their readiness in dealing with the more and more frequent cyberattacks. However, most systems used for such education and training purposes are built from scratch, are highly customized, and often proprietary. This is true especially for complex activities that include hands-on practice, such as Capture The Flag (CTF) competitions and realistic cyber range training. Moreover, the specificities of these platforms create an important overhead, both for instructors, who need to develop training content and learn how to use them, and also for trainees, who need to each time adjust to a different platform. In this paper, we present our approach of integrating cybersecurity training activities, both for technical and awareness training, with Learning Management Systems (LMSs). In particular, our system—named CyLMS—provides integration from content point of view with most LMSs through the use of the SCORM format for packaging the training content. Moreover, additional CyLMS modules make possible a tighter integration with the Moodle LMS, a widely-used e-learning platform, for tasks such as automatic activity management and hands-on environment access. In this way, both instructors and trainees benefit from standard interfaces for checking the training content, answering questions, managing the results, etc. The paper includes an evaluation of CyLMS from a functionality, user and performance perspectives that demonstrates its applicability to actual training activities. While so far we have only used CyLMS in the cybersecurity context, the platform is sufficiently generic to be applied to other education activities, as a learning content management tool that facilitates training content creation and sharing.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The technique of port forwarding also makes it possible to access remote web servers in a closed environment, such as a cyber range, via one’s own PC browser, hence serving the same purpose and providing a better performance, albeit with potential security risks.
References
Advanced Distributed Learning (ADL) Initiative: SCORM Overview. https://www.adlnet.gov/scorm.
Alario-Hoyos, C., Bote-Lorenzo, M.L., Gomez-Sanchez, E., Asensio-Perez, J.I., Vega-Gorgojo, G., Ruiz-calleja, A. (2013). GLUE: An architecture for the integration of external tools in Virtual Learning Environments. Computers & Education, 60(1), 122–137.
Bartnes, M., Moe, N.B., Heegaard, P.E. (2016). The future of information security incident management training: a case study of electrical power companies. Computers & Security, 61(Section C), 32–45.
Beuran, R., Pham, C., Tang, D., Chinen, K., Tan, Y., Shinoda, Y. (2018). Cybersecurity education and training support system: cyRIS. IEICE Transactions on Information and Systems, E101-D(3), 740–749.
Beuran, R., Tang, D., Pham, C., Chinen, K., Tan, Y., Shinoda, Y. (2018). Integrated framework for hands-on cybersecurity training: CyTrONE. Computers & Security, 78C, 43–59.
Brin, S., & Page, L. (1998). The anatomy of a large-scale hypertextual Web search engine. Computer Networks and ISDN Systems, 30(1–7), 107–117.
Cyber Range Organization and Design (CROND). GitHub Repository for CyLMS. https://github.com/crond-jaist/cylms.
DBpedia Association: DBpedia Website. https://wiki.dbpedia.org/.
Evans, C. (2017). The Official YAML Website. http://www.yaml.org/.
Ghiglieri, M., & Stopczynski, M. (2016). Seclab: an innovative approach to learn and understand current security and privacy issues. In Proceedings of the 17th Annual Conference on Information Technology Education (SIGITE ‘16) (pp 67–72).
IMS Global Learning Consortium: Learning Tools Interoperability Website. http://www.imsglobal.org/activity/learning-tools-interoperability.
Jeffrey, C. tty.js: A terminal for your browser, using node/express/socket.io. https://github.com/chjj/tty.js/.
Noor Azam, Md.H., & Beuran, R. (2018). Usability evaluation of open source and online capture the flag platforms. Tech. Rep. IS-RR-2018-001 Japan advanced institute of science and technology (JAIST).
Muras, T. Moosh Official Website. https://moosh-online.com/.
National Institute of Information and Communications Technology, Japan: Cyber Defense Exercise with Recurrence (CYDER) (in Japanese). https://cyder.nict.go.jp/.
noVNC Development Team. noVNC: HTML VNC Client Library and Application. https://github.com/novnc/noVNC.
Rustici Software: Sample SCORM Packages. https://scorm.com/scorm-explained/technical-scorm/golf-examples/.
Sancristobal, E., Castro, M., Harward, J., Baley, P., DeLong, K., Hardison, J. (2010). Integration view of web labs and learning management systems. In Proceedings of IEEE EDUCON 2010 Conference (pp. 1409–1417).
SANS Institute: SANS NetWars Training Courses. https://www.sans.org/netwars/.
Scarfone, K., Souppaya, M., Cody, A., Orebaugh, A. (2008). National institute of standards and technology – technical guide to information security testing and assessment.
Soceanu, A., Vasylenko, M., Gradinaru, A. (2017). Improving cybersecurity skills using network security virtual labs. In: Proceedings of International MultiConference of Engineers and Computer Scientists (IMECS 2017).
Tan, Z., Hasegawa, S., Beuran, R. (2018). Concept map building from linked open data for cybersecurity awareness training. In Proceedings of the Japanese society for artificial intelligence (JSAI) special interest group on advanced learning science and technology workshop (SIG-ALST83) (pp. 1–6).
Tang, D., Pham, C., Chinen, K., Beuran, R. (2017). Interactive cybersecurity defense training inspired by web-based learning theory. In Proceedings of the IEEE 9th international conference on engineering education (ICEED 2017) (pp. 103–108).
The Moodle Project: AIKEN Format. https://docs.moodle.org/en/Aiken_format.
The Moodle Project: GIFT Format. https://docs.moodle.org/en/GIFT_format.
The Moodle Project: Moodle XML Format. https://docs.moodle.org/en/Moodle_XML_format.
Web Application Security Forum: Hardening Project (in Japanese). https://wasforum.jp/hardening-project/ https://wasforum.jp/hardening-project/.
Woo, Y., & Reeves, T.C. (2007). Meaningful interaction in web-based learning: a social constructivist interpretation. The Internet and Higher Education, 10(1), 15–25.
Acknowledgements
The authors would like to thank Muhammad Harith bin Noor Azam for the initial implementation of content management via moosh, and Masanori Sunagawa for the prototype implementation of remote desktop access via noVNC. This work was supported by JSPS KAKENHI Grants Number 17K00478 and 17K00479.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Dat Tang was with Japan Advanced Institute of Science and Technology at the time of this work.
Rights and permissions
About this article
Cite this article
Beuran, R., Tang, D., Tan, Z. et al. Supporting cybersecurity education and training via LMS integration: CyLMS. Educ Inf Technol 24, 3619–3643 (2019). https://doi.org/10.1007/s10639-019-09942-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10639-019-09942-y