Start Date

12-10-2019 10:30 AM

End Date

12-10-2019 10:55 AM

Location

KSU Center Rm 460

Abstract

Today’s college and university cybersecurity programs often contain multiple laboratory activities on various different hardware and software-based cybersecurity tools. These include preventive tools such as firewalls, virtual private networks, and intrusion detection systems. Some of these are tools used in attacking a network, such as packet sniffers and learning how to craft cross-site scripting attacks or man-in-the-middle attacks. All of these are important in learning cybersecurity. However, there is another important component of cybersecurity education – teaching students how to protect a system or network from attackers by learning their motivations, and how they think, developing the students’ “abilities to anticipate the strategic actions of cyber adversaries, including where, when, and how they might attack, and their tactics for evading detection.”

This paper describes the content and implementation of a 6 hour 15 minute (5 class sessions) module in Adversarial Thinking in a Network Security course, the students’ perceptions of the value and importance of the module as a result of their anonymous responses to a survey on the module, and the statistical results of a Data Breach Pretest-Posttest Assessment to measure how well they understood the concepts involved in Adversarial Thinking as part of learning cybersecurity.

Comments

Key words: Cybersecurity education, Adversarial thinking, Game theory, Behavioral game theory, Dominant strategies, Utility preferences, Interdependent choices

Share

COinS
 
Oct 12th, 10:30 AM Oct 12th, 10:55 AM

Adversarial Thinking: Teaching Students to Think Like a Hacker

KSU Center Rm 460

Today’s college and university cybersecurity programs often contain multiple laboratory activities on various different hardware and software-based cybersecurity tools. These include preventive tools such as firewalls, virtual private networks, and intrusion detection systems. Some of these are tools used in attacking a network, such as packet sniffers and learning how to craft cross-site scripting attacks or man-in-the-middle attacks. All of these are important in learning cybersecurity. However, there is another important component of cybersecurity education – teaching students how to protect a system or network from attackers by learning their motivations, and how they think, developing the students’ “abilities to anticipate the strategic actions of cyber adversaries, including where, when, and how they might attack, and their tactics for evading detection.”

This paper describes the content and implementation of a 6 hour 15 minute (5 class sessions) module in Adversarial Thinking in a Network Security course, the students’ perceptions of the value and importance of the module as a result of their anonymous responses to a survey on the module, and the statistical results of a Data Breach Pretest-Posttest Assessment to measure how well they understood the concepts involved in Adversarial Thinking as part of learning cybersecurity.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.