Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses

Authors:
John Grady Hall

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Abhinav Mohanty

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Pooja Murarisetty

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Ngoc Diep Nguyen

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Julio César Bahamón

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Harini Ramaprasad

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

,
Meera Sridhar

University of North Carolina at Charlotte, Charlotte, NC, USA

University of North Carolina at Charlotte, Charlotte, NC, USA
View Profile

SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1February 2022Pages 696–702https://doi.org/10.1145/3478431.3499417

Published:22 February 2022Publication History

SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1

Pages 696–702

ABSTRACT

This paper presents Criminal Investigations, a gamified, scalable web-based framework for teaching and assessing Internet-of-Things (IoT) security skills. Criminal Investigations is packaged as a series of stackable IoT security activities; the current version uses React for the front-end development and Python for the back-end, and is deployed as a web application on a university server. Criminal Investigations promotes student engagement and learning by incorporating gamification concepts such as storytelling, experience points, just-in-time learning content delivery and checkpoints into activity design. This paper presents a pilot deployment of Criminal Investigations' first, fully-deployed, prototype activity "Reverse Engineering and Analyzing IoT Firmware''. The results of the pilot deployment indicate that Criminal Investigations provides an engaging, user-friendly, accessible environment, and helps students achieve the learning objectives of the prototype activity.

References

[n.d.]. Process Oriented Guided Inquiry Learning. https://pogil.org/.Google Scholar
[n.d.]. Process Oriented Guided Inquiry Learning. http://cspogil.org/Home.Google Scholar
[n.d.]. The Need for Diversity in Cybersecurity. https://medium.com/diversityunscripted/the-need-for-diversity-in-cybersecurity-1ec1c14e1770.Google Scholar
Muhammad Rizwan Asghar and Andrew Luxton-Reilly. 2018. Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education. 179--184.Google ScholarDigital Library
Attify. [n.d.]. Offensive IoT Exploitation. https://www.attify.com/iot-securityexploitation-training. Accessed: 2020--1--13.Google Scholar
Jonathan Bergmann and Aaron Sams. 2012. Flip your classroom: Reach every student in every class every day. International society for technology in education.Google Scholar
J. Bergmann and A. Sams. 2014. Flipped Learning: Gateway to Student Engagement. International Society for Technology in Education.Google Scholar
Jacob Lowell Bishop and Matthew A Verleger. 2013. The flipped classroom: A survey of the research. In ASEE National Conference Proceedings, Atlanta, GA, Vol. 30. 1--18.Google ScholarCross Ref
Charles C Bonwell and James A Eison. 1991. Active Learning: Creating Excitement in the Classroom. 1991 ASHE-ERIC Higher Education Reports. ERIC.Google Scholar
Brian Russel and Sunil Gupta. [n.d.]. Securing IoT: From Security to Practical Pentesting on IoT. https://www.udemy.com/course/securing-iot-from-securityto-practical-pentesting-on-iot/. Accessed: 06-07--2019.Google Scholar
Patrick Buckley and Elaine Doyle. 2016. Gamification and student motivation. Interactive Learning Environments 24, 6 (2016), 1162--1175. https://doi.org/10. 1080/10494820.2014.964263Google ScholarCross Ref
Tom Chothia and Joeri de Ruiter. 2016. Learning From Others' Mistakes: Penetration Testing IoT Devices in the Classroom. In USENIX Workshop on Advances in Security Education (ASE 16).Google Scholar
OverTheWire (community). [n.d.]. Wargames. http://overthewire.org/ wargames/.Google Scholar
Chris Crawford. 2003. Chris Crawford on Game Design. New Riders Publishing, USA.Google ScholarDigital Library
DataUSA. [n.d.]. INFORMATION SECURITY ANALYSTS. https://datausa.io/ profile/soc/151122/#demographics. Accessed on 04--22--2019.Google Scholar
Tamara Denning, Adam Lerner, Adam Shostack, and Tadayoshi Kohno. 2013. Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security (CCS). 915--928.Google ScholarDigital Library
Distributed Management Task Force (DMTF). [n.d.]. Open Virtualization Format. https://www.dmtf.org/standards/ovf. Accessed on 01--14--2021.Google Scholar
edx. [n.d.]. Cybersecurity and Privacy in the IoT. https://www.edx.org/course/ cybersecurity-and-privacy-in-the-iot. Accessed: 2019--5--7.Google Scholar
edX-Curtin University. [n.d.]. Cybersecurity and Privacy in the IoT. https: //www.edx.org/course/cybersecurity-and-privacy-in-the-iot. Accessed: 06-07- 2019.Google Scholar
Facebook Inc. [n.d.]. React-A JavaScript library for building user interfaces. https://reactjs.org/. Accessed on 08--26--2020.Google Scholar
Zachary Fitz-Walter. 2020. What is Gamification? https://www.gamify.com/whatis-gamification.Google Scholar
Scott Freeman, Sarah L Eddy, Miles McDonough, Michelle K Smith, Nnadozie Okoroafor, Hannah Jordt, and Mary Pat Wenderoth. 2014. Active learning increases student performance in science, engineering, and mathematics. Proceedings of the National Academy of Sciences 111, 23 (2014), 8410--8415.Google ScholarCross Ref
GiantBomb.com. 2020. Experience Points. https://www.giantbomb.com/ experience-points/3015--39/.Google Scholar
Craig Heffner. 2010. Binwalk: Firmware analysis tool. (2010).Google Scholar
Helen H. Hu and Clifton Kussmaul. 2012. Promoting Student-centered Learning with POGIL. In Proceedings of the 43rd ACM Technical Symposium on Computer Science Education (SIGCSE '12). 579--580.Google Scholar
Helen H Hu and Tricia D Shepherd. 2014. Teaching CS 1 with POGIL activities and roles. In Proceedings of the 45th ACM technical symposium on Computer science education. ACM, 127--132.Google ScholarDigital Library
(ISC)2 . [n.d.]. Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens: (ISC)2 CYBERSECURITY WORKFORCE STUDY, 2018. Technical Report. Accessed on 04--22--2019.Google Scholar
json.org. [n.d.]. Introducing JSON. https://www.json.org/json-en.html. Accessed on 01--14--2021.Google Scholar
Jesper Juul. 2011. Half-real: Video games between real rules and fictional worlds. MIT press.Google ScholarDigital Library
David R. Krathwohl. 2002. A Revision of Bloom's Taxonomy: An Overview. Theory Into Practice 41, 4 (2002), 212--218.Google ScholarCross Ref
Clifton Kussmaul. 2012. Process oriented guided inquiry learning (POGIL) for computer science. In SIGCSE.Google Scholar
Celine Latulipe, N. Bruce Long, and Carlos E. Seminario. 2015. Structuring Flipped Classes with Lightweight Teams and Gamification. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (Kansas City, Missouri, USA) (SIGCSE '15). ACM, New York, NY, USA, 392--397.Google Scholar
Chengcheng Li and Rucha Kulkarni. 2016. Survey of Cybersecurity Education through Gamification. In Proceedings of the ASEE Annual Conference & Exposition.Google ScholarCross Ref
Peter Loshin. [n.d.]. McAfee CISO explains why diversity in cybersecurity matters. https://searchsecurity.techtarget.com/feature/McAfee-CISO-explainswhy-diversity-in-cybersecurity-matters. Accessed on 04--22--2019.Google Scholar
Stephen MacNeil, Celine Latulipe, Bruce Long, and Aman Yadav. 2016. Exploring Lightweight Teams in a Distributed Learning Environment. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (Memphis, Tennessee, USA) (SIGCSE '16). ACM, New York, NY, USA, 193--198.Google ScholarDigital Library
Mary Lou Maher, Celine Latulipe, Heather Lipford, and Audrey Rorrer. 2015. Flipped Classroom Strategies for CS Education. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). 218--223.Google ScholarDigital Library
Michael Mateas and Phoebe Sengers. 1998. Narrative Intelligence. In The Proceedings of AAAI Fall Symposium.Google Scholar
M Mateas and A Stern. 2003. Fa{ç}ade: An experiment in building a fully-realized interactive drama. In The Proceedings of Game Developers Conference, Game Design track. Citeseer.Google Scholar
Matt Trobbiani. [n.d.]. Hacknet Labyrinths. https://store.steampowered.com/ app/521840/Hacknet__Labyrinths/. Accessed on 08--25--2020.Google Scholar
Chet Meyers and Thomas B Jones. 1993. Promoting Active Learning. Strategies for the College Classroom. ERIC.Google Scholar
MongoDB, Inc. [n.d.]. MongoDB-The database for modern applications. https: //www.mongodb.com/. Accessed on 01--13--2021.Google Scholar
Rick Moog. 2014. Process oriented guided inquiry learning. Washington University Libraries.Google Scholar
Richard S Moog, James N Spencer, and Andrei R Straumanis. 2006. Processoriented guided inquiry learning: POGIL and the POGIL project. Metropolitan Universities 17, 4 (2006), 41--52.Google Scholar
NLTK Project. [n.d.]. Natural Language Toolkit. https://www.nltk.org/. Accessed on 08--11--2021.Google Scholar
Nokia. 2020. Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices. https://nokia.ly/3azsLiV.Google Scholar
Pallets. [n.d.]. Flask-web development, one drop at a time. https://flask. palletsprojects.com/en/1.1.x/. Accessed on 08--26--2020.Google Scholar
Katie Salen and Eric Zimmerman. 2003. Rules of Play: Game Design Fundamentals. The MIT Press.Google ScholarDigital Library
Z. Cliffe Schreuders and Emlyn Butterfield. 2016. Gamification for Teaching and Learning Computer Security in Higher Education. In Proceedings of the USENIX Workshop on Advances in Security Education (ASE 16).Google Scholar
Security Today. 2020. The IoT Rundown For 2020: Stats, Risks, and Solutions. https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for2020.aspx?Page=2.Google Scholar
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker.. In Proceedings of the USENIX Annual Technical Conference. 309--318.Google Scholar
Tactical Network Solutions. [n.d.]. IoT Firmware Exploitation. https://www. tacnetsol.com/store/aRyibNKX. Accessed: 2020--1--13.Google Scholar
TeachThought Staff. 2020. 12 Examples Of Gamification In The Classroom. https://www.teachthought.com/the-future-of-learning/12-examples-ofgamification-in-the-classroom/.Google Scholar
Tonex. [n.d.]. IoT Security Training. https://www.tonex.com/training-courses/ iot-security-training-iot-security-awareness/. Accessed: 2020--1--13.Google Scholar
Trend Micro: The fugle company. [n.d.]. Targeted Attack: The Game. http: //targetedattacks.trendmicro.com/. Accessed on 08--25--2020.Google Scholar
Udemy. [n.d.]. Fundamentals of IoT Security. https://www.udemy.com/ fundamentals-of-iot-security. Accessed: 2019--5--7.Google Scholar
Stacey Watson and Heather Richter Lipford. 2019. Motivating Students Beyond Course Requirements with a Serious Game. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education, SIGCSE. Association for Computing Machinery, 211--217.Google ScholarDigital Library
William Crumpler. 2019. The Cybersecurity Workforce Gap. https://bit.ly/ 2IZ5snw.Google Scholar
wingkwong on Github. [n.d.]. react-quiz-component. https://github.com/ wingkwong/react-quiz-component. Accessed on 08--26--2020.Google Scholar
Michal Zalewski. 2010. American Fuzzy Lop: a security-oriented fuzzer. (2010).Google Scholar

Index Terms

Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses
1. Applied computing
  1. Education
    1. Interactive learning environments
2. Security and privacy
  1. Software and application security
    1. Software reverse engineering

Recommendations

Criminal Investigations: An InteractiveExperience to Improve Student Engagement and Achievement in Cybersecurity courses
SIGCSE '21: Proceedings of the 52nd ACM Technical Symposium on Computer Science Education

This poster presents Criminal Investigations, a text-based interactive activity designed to teach and assess reverse-engineering and firmware analysis skills in upper-division undergraduate cybersecurity courses. The activity incorporates elements of ...
Read More
Lessons in Copyright Activism: K-12 Education and the DMCA 1201 Exemption Rulemaking Process

Digital learning is being transformed by changes in copyright law. This article discusses the author's personal journey as a copyright education activist through two rounds of rulemaking proceedings before the Copyright Office concerning the anti-...
Read More
From the learner's perspective: A systematic review of MOOC learner experiences (2008–2021)
Abstract
We report the results of a systematic review of learners' experiences and perspectives in massive open online courses (MOOCs). This systematic review includes 51 articles published between 2008 and 2021 that appeared in top educational ...
Highlights
- MOOC learners' diverse intentions and motivations for enrollment influence their experiences within the course.
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1
February 2022
1049 pages
ISBN:9781450390705
DOI:10.1145/3478431
General Chairs:
Larry Merkle
Air Force Institute of Technology, USA
,
Maureen Doyle
Northern Kentucky University, USA
,
Program Chairs:
Judithe Sheard
Monash University, Australia
,
Leen-Kiat Soh
University of Nebraska-Lincoln, USA
,
Brian Dorn
University of Nebraska at Omaha, USA
Copyright © 2022 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 February 2022
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
achievement
education
engagement
gamification
interactive
reverse-engineering
security
teaching
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,595of4,542submissions,35%
Upcoming Conference
SIGCSE Virtual 2024

Sponsor:

sigcse

SIGCSE Virtual 2024: ACM Virtual Global Computing Education Conference

December 5 - 7, 2024

Virtual Event , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 248
  Total Downloads
- Downloads (Last 12 months)121
- Downloads (Last 6 weeks)16
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses

SIGCSE 2022: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1

ABSTRACT

References

Cited By

Index Terms

Recommendations

Criminal Investigations: An InteractiveExperience to Improve Student Engagement and Achievement in Cybersecurity courses

Lessons in Copyright Activism: K-12 Education and the DMCA 1201 Exemption Rulemaking Process

From the learner's perspective: A systematic review of MOOC learner experiences (2008–2021)