Start Date

October 2018

End Date

October 2018

Location

KC 400

Abstract

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) tool that asks students to perform an ARP Spoofing Attack by manually creating ARP reply packets. It was demonstrated in previous research that both tools enhanced students’ learning.

In this paper, we are going to scientifically evaluate and compare the effectiveness of these two tools. We divided the class of forty-five students randomly into two groups. Group A was assigned HGUI lab and the Group B was assigned the HandsOn lab. The labs were assigned as a one and half week homework assignments. Both groups were given a pre-survey and a pre-quiz before the lab. After they submitted the lab, we gave them a post-survey and a post quiz. The analysis shows that prior to the labs, students in both groups have almost identical background in the knowledge of ARP Spoofing. After the lab, both groups made statistically significant improvements. Although group A did better on survey and group B did better on quiz, it is not statistically significant enough to draw a definitive conclusion according to the student’s t-test result. Also, in analyzing survey results, we found that actively reading cyber security related articles is a more significant contributing factor in students’ knowledge in the subject matter than other factors including having formal training or taking cyber security classes.

Share

COinS
 
Oct 20th, 10:30 AM Oct 20th, 10:55 AM

Evaluating Two Hands-On Tools for Teaching Local Area Network Vulnerabilities

KC 400

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) tool that asks students to perform an ARP Spoofing Attack by manually creating ARP reply packets. It was demonstrated in previous research that both tools enhanced students’ learning.

In this paper, we are going to scientifically evaluate and compare the effectiveness of these two tools. We divided the class of forty-five students randomly into two groups. Group A was assigned HGUI lab and the Group B was assigned the HandsOn lab. The labs were assigned as a one and half week homework assignments. Both groups were given a pre-survey and a pre-quiz before the lab. After they submitted the lab, we gave them a post-survey and a post quiz. The analysis shows that prior to the labs, students in both groups have almost identical background in the knowledge of ARP Spoofing. After the lab, both groups made statistically significant improvements. Although group A did better on survey and group B did better on quiz, it is not statistically significant enough to draw a definitive conclusion according to the student’s t-test result. Also, in analyzing survey results, we found that actively reading cyber security related articles is a more significant contributing factor in students’ knowledge in the subject matter than other factors including having formal training or taking cyber security classes.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.