WIXLIB

Paper ID #32281Self-assessment of Knowledge Levels in the Subjects of Cyber Attacks andDefense in a Cybersecurity Awareness Education WorkshopDr. Te-Shun Chou, East Carolina UniversityDr. Te-Shun Chou is a Professor in the Department of Technology Systems (TSYS) at East CarolinaUniversity (ECU). He received his Bachelor degree in Electronics Engineering at Feng Chia Universityand both Master’s degree and Doctoral degree in Electrical Engineering at Florida International University. He serves as the program coordinator of the Master program in Network Technology for TSYS andthe lead faculty of Digital Communication Systems concentration for the Consortium Universities of thePh.D. in Technology Management. He is also the point of contact of ECU National Centers of AcademicExcellence in Cyber Defense Education (CAE-CDE). Dr. Chou teaches IT related courses, which includecyber security, intrusion detection and incident response, wireless communications, and network management. His research interests include machine learning, wireless communications, technology education,and cyber security, especially in the field of intrusion detection systems.Dr. Tijjani Mohammed, East Carolina UniversityTijjani Mohammed is an associate professor and chairperson in the department of Technology Systems,within the College of Engineering and Technology, at East Carolina University. His areas of intertestinclude computer networks, digital and microprocessor systems, industrial control systems, internet ofthings, and STEM education.c American Society for Engineering Education, 2021

Self-Assessment of Knowledge Levels in the Subjects of Cyber Attacks andDefense in a Cybersecurity Awareness Education Workshop

AbstractDuring the past couple of years, an online virtualized student-centric based learning system,Competitive Labs-as-a-Service (CLaaS), for cybersecurity education has been developed toprepare students with both theoretical knowledge and practical skills. The system included tenidentical learning environments that allowed for interaction among each environment, whichmade the learning system as a whole more like a realistic network environment. The systemcould be used in any cybersecurity related undergraduate and graduate courses. It would helpstudents understand the latest cybersecurity technologies. Furthermore, it would provide oncampus and distance education students with opportunities to learn and practice cyberattack andcyber defense techniques used in the real world.In order to maximize the positive impact of the system on cybersecurity education, a two-dayworkshop was held at East Carolina University (ECU) in the summer of 2019. The workshopwas hosted by the Department of Technology Systems (TSYS) and executed in a train-the-trainerformat. Nineteen college instructors from Southeast United States attended the workshop andparticipated in an exit survey. The survey included a set of categories each containing questionsto evaluate the workshop design and whether the participants thought the system would besuitable and helpful to students’ learning cybersecurity. Based on the survey outcomes, thedevelopment team could then make proper adjustments to improve the effectiveness of thesystem. In this paper, the design of the workshop was described. In addition, the paper discussedthe survey results and focused on the self-assessment of knowledge in the subjects ofcybersecurity category.Keywords: Cybersecurity; virtualization technology; cyberattack; cyber defense1. IntroductionHackers use a variety of skills to compromise systems in order to steal money, change data, ordestroy information. Cyberattacks pose serious threats and cause significant damage to privatecompanies and government agencies. For example, Yahoo suffered the biggest data breaches ofthe 21st century, in which one billion users’ accounts were comprised in 2013 and 2014 [1].Another example can be found from the City of Atlanta, Georgia. In March 2018, nearly all oftheir systems in the government of Jackson County, Georgia were locked and hacked by aransomware attack. The hack was the largest successful security breach of a major American cityby ransomware, which affected up to approximately 6 million people [2].Cyberattacks also target academic institutions. The latest one happened at Regis University inAugust 2019. The university reported that the outside malicious threat attacked their computersystems and shut down their website, phone lines, email services and online programs thatstudents use to submit work [3]. According to a study by Norton, cybercriminals will steal anestimated 33 billion records in 2023 [4]. Hence, cybersecurity in higher education has becomenot only important, but necessary to foster well-trained professionals to protect nationwidecomputer systems from cyberattacks.From 2017 to 2019, a team at ECU developed a cybersecurity learning system, CLaaS, based on

the need of our country for highly educated and skilled cybersecurity professionals. In order toprepare students with 21st century knowledge and skills related to cybersecurity, the system wasa combination of both cybersecurity theory and practical application in cybersecurity education.A variety of topics dealing with cyberattack and cyber defense were included in the system.These topics provided fundamental knowledge and best practices in cybersecurity that studentsneed in order to begin a comprehensive cybersecurity education.The system would help both our on-campus and distance education students to practice attackand defense techniques. It would also help other college students gain knowledge ofcybersecurity and awareness. Therefore, a two-day train-the-trainer workshop was organized inJuly 2019. A total of nineteen college instructors from fifteen colleges attended the workshop. Inthe workshop, the CLaaS was introduced and an exit survey was conducted. In this paper, we notonly introduced learning system and the workshop, but also discussed the survey and its results.This paper is organized as follows: Section 2 introduces the cybersecurity learning system. Section3 describes the recruitment. Section 4 illustrates the workshop. We then discuss the evaluation inSection 5 and the survey results in Section 6. Finally, we conclude our work in the last section.2. CLaaSThe system included multiple identical learning environments with virtual machines nested ineach environment to serve both tasks of attack and defense [5, 6]. The virtualized system mimicsa realistic network, providing real world experience while containing malicious network trafficwithin its boundaries. Each learner was given a learning environment. A graphic user interface(GUI) application was designed to provide access to the environment where cybersecurityactivities were performed [7].As shown in Figure 1, McAfee classified the network attacks into eight categories [8]. It isimpossible to introduce all of the cyber threats; however, we would like to cover as manycategories as possible and introduced the most important and current cybersecurity issues.Therefore, eight CyberSec activities were designed and each included two sub-labs: attack anddefense. Browser attacks and Scan categories: Web defacement labBrute force attacks and Scan categories: Secure remote login labDenial of service (DoS) attacks and Scan categories: FTP server DoS labWorm and Malware categories: Patch management and Backdoor labsWeb attacks and Scan categories: SQL injection (SQLi) labOthers and Scan categories: Honeypot and Secure plain text traffic labs

Figure 1. CyberSec labsA three-stage learning process was employed to help learners acquire knowledge of a certaintype of attack/defense [9]. Each attack/defense lab required learners to read an introduction ofthe attack/defense, pass a quiz, and then move on to the attack/defense instruction. Theinstruction included all the required information for launching the attack (or performing theprotection).Additionally, in order to encourage students to interact with others, the environment served as acompetition. Figure 2 shows the conceptual infrastructure diagram. Each learner owns a learningenvironment and acts as both attacker and defender. When acting as an attacker, learners will betaught to model the actions of the attacks to attack other learners within the learningenvironment. When acting as a defender, learners will be taught to identify system vulnerabilitiesand apply the appropriate mechanisms to harden the system.Objectives were included in each sub-lab. The learner who successfully completed an objectivegained one thousand points; on the contrary, the learner who did not properly implement adefense mechanism and was thus attacked by others consequently lost one thousand points. Inaddition, learners who successfully passed a quiz received ten points for each question. A Scoreand Message Board was implemented in the GUI application [10, 11]. When anattack/defense/quiz occurred, related messages were displayed on the Board. Figure 3 shows aphoto of the Board taken from the projector screen during the workshop.

Figure 2. The competition conceptual infrastructure diagramFigure 3. The Score and Message Board3. RecruitmentIn order to disseminate the system to other colleges who are interested in promotingcybersecurity education, a 2-day workshop was held in the summer of 2019. We opened twentyseats and used an online service [12] to design an application form for recruiting participants.The event information was distributed to both our Advisory Board of the Information ComputerTechnology (ICT) Program and the Cisco Academy Support Center. The seats were filled withinone day and nineteen attended the event. All the participants were from Colleges andUniversities in the Southeast region, which were a mix from North Carolina, South Carolina,Georgia, and Virginia. Among them, only two did not teach cybersecurity related courses. Inaddition, two guest speakers from the cybersecurity industry and three from academia wereinvited to give presentations about the latest technology and real-world cybersecurity issues.