Interactive cybersecurity defense training inspired by web-based learning theory

As cybersecurity has become a huge problem of today's society, the demand for cybersecurity experts is increasing. Therefore, many researchers and organizations create training environments for professionals to have hands-on activities. However, in most cases, they are created manually and only focus on features, without a pedagogic point of view. This research proposes an interactive training interface aiming to bring a better interaction inspired by the web-based learning theory. Moreover, it runs on top of a system that can setup the training environment automatically and perform unmanned cyber attacks. In this paper, we first define requirements for a modern elearning system for cybersecurity training. We then describe how a defense training system is designed and implemented in this research. After that, a comparison of the implemented interface with the theory of interaction in web-based learning is presented. Based on this theory, a survey is conducted on participants with various cybersecurity background levels to evaluate the effectiveness of the training, and what participants expect from hands-on cybersecurity defense training programs. The time for environment creation is also evaluated.

[1]  Cuong Pham,et al.  CyRIS: a cyber range instantiation system for facilitating security training , 2016, SoICT.

[2]  David M. Nicol,et al.  RINSE: the real-time immersive network simulation environment for network security exercises , 2005, Workshop on Principles of Advanced and Distributed Simulation (PADS'05).

[3]  Luis Miguel,et al.  (THREE TYPES OF INTERACTION (3TI) IN ONLINE LEARNING OF CURRICULUM AND TEACHING CAPACITIES (CTCS) OF TEACHERS OF THE CANARY ISLANDS' EDUCATIONAL SYSTEM) , 2011 .

[4]  L. Sutton The Principle of Vicarious Interaction in Computer-Mediated Communications , 2001 .

[5]  Thomas C. Reeves,et al.  Authentic activities and online learning , 2002 .

[6]  Thomas C. Reeves,et al.  Meaningful interaction in web-based learning: A social constructivist interpretation , 2007, Internet High. Educ..

[7]  Carlos Sarraute,et al.  Simulating cyber-attacks for fun and profit , 2009, SIMUTools 2009.

[8]  Jon Davis,et al.  A Survey of Cyber Ranges and Testbeds , 2013 .

[9]  Michael G. Wabiszewski,et al.  Enhancing realistic hands-on network training in a virtual environment , 2009, SpringSim '09.

[10]  Karen A. Scarfone,et al.  Technical Guide to Information Security Testing and Assessment , 2008 .

[11]  Daniel C. A. Hillman,et al.  Learner-Interface Interaction in Distance Education: An Extension of Contemporary Models and Strategies for Practitioners , 1994 .

[12]  Thomas C. Reeves,et al.  Designing authentic activities in web-based courses , 2004, J. Comput. High. Educ..

[13]  Moises Sudit,et al.  Cyber attack modeling and simulation for network security analysis , 2007, 2007 Winter Simulation Conference.

[14]  Yasuo Tan,et al.  CyTrONE: An Integrated Cybersecurity Training Framework , 2017, ICISSP.