Collaborative Research: Modeling Student Activity and Learning on Cybersecurity Testbeds
University Of Southern California, Los Angeles CA
Investigators
Abstract
This project led by the University of Southern California, in collaboration with Evergreen State College and Lewis and Clark College, aims to develop tools that automatically assess student learning in practical cybersecurity tasks, both for individual students and for the entire class. This is currently a challenge because such tasks are often open-ended and exploratory in nature. Because they can be completed in many ways, student learning in cybersecurity may not always be recognized by the instructor. This makes it hard to assess the sophistication of a student's path to success. Similarly, it may also be a challenge to identify the reasons why students experience failure, and to provide useful and timely feedback to students and instructors. The proposed project work will uncover reasons behind student underperformance in practical cybersecurity exercises, and will help identify effective interventions. The proposed research may also help network test beds retain and better serve their users. The impact of these activities will be three-fold. First, the developed tools will be integrated with two previously developed platforms for cybersecurity exercises: DeterLab and EDURange. This will directly impact approximately 2,000 students annually. Second, the tools will be highly portable to other platforms that use Linux in practical cybersecurity exercises, and can reach a wider audience. Third, the tools will help retain talent from disadvantaged and minority populations, as it will allow for earlier intervention and feedback to complete challenging, practical tasks. This project will develop ACSLE, a framework for automated assessment of student learning in practical cybersecurity exercises. ACSLE will engage in constant and extensive monitoring of student interaction with the computer, and will allow for the correlation with desired learning outcomes. ACSLE starts with the development of tools that monitor low-level student activities, such as commands typed, traffic generated and files and processes created. These low-level records are then synthesized into high-level indicators of student progress on a given cybersecurity task. The outcomes will allow for: (1) classification of students into several learning styles based on proficiency with a task and level of foundational skill; (2) clustering of solutions to specific learning challenges identified in student groups that have similar learning styles; (3) collection of successful learning paths developed over time and methods for identifying struggling students; (4) identification of causes of failure and delivery of appropriate learning interventions; and (5) aggregation of performance data for a class as well as identification of tasks that are difficult for many students. ACSLE will thus provide useful information for students and teachers, and improve overall learning in practical cybersecurity exercises.
View original record on NSF Award Search →