Z. Cliffe Schreuders, Thomas Shaw, Aimée Mac Muireadhaigh, and Paul Staniforth, Leeds Beckett University
Capture the flag (CTF) has been applied with success in cybersecurity education, and works particularly well when learning offensive techniques. However, defensive security and incident response do not always naturally fit the existing approaches to CTF. We present Hackerbot, a unique approach for teaching computer security: students interact with a malicious attacker chatbot, who challenges them to complete a variety of security tasks, including defensive and investigatory challenges. Challenges are randomised using SecGen, and deployed onto an oVirt infrastructure.
Evaluation data included system performance, mixed methods questionnaires (including the Instructional Materials Motivation Survey (IMMS) and the System Usability Scale (SUS)), and group interviews/focus groups. Results were encouraging, finding the approach convenient, engaging, fun, and interactive; while significantly decreasing the manual marking workload for staff. The cloud infrastructure deployment using SecGen/oVirt was a success, generating VMs with randomised challenges, and enabling students to work from home.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Z. Cliffe Schreuders and Thomas Shaw and Aim{\'e}e Mac Muireadhaigh and Paul Staniforth},
title = {Hackerbot: Attacker Chatbots for Randomised and Interactive Security Labs, Using {SecGen} and {oVirt}},
booktitle = {2018 USENIX Workshop on Advances in Security Education (ASE 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/ase18/presentation/schreuders},
publisher = {USENIX Association},
month = aug
}
